How many employees does Capital One have

Paige Thompson has an impressive résumé. Although she broke off her computer science studies at the college in Bellevue, the programmer from Seattle speaks around ten programming languages ​​and is familiar with all kinds of IT platforms, even when it comes to Internet protocols and cloud computing technologies, nobody can fool her.

With such a résumé, speculation on a web forum for system administrators at Reddit, one could easily make $ 100,000 a year. With her youngest employer, Amazon's cloud service AWS, she probably earned little less than that. In this respect, it is completely incomprehensible that such a talented person should turn to cybercrime. But that's exactly what the 33-year-old did, according to a criminal complaint published by a Seattle court.

On July 17th, the bank "Capital One" received a message via a specially set up e-mail address that Thompson was in possession of stolen bank data. According to the criminal complaint, Thompson gained access to a server of the bank through an incorrectly configured firewall. There she was able to create an account with extensive privileges for the bank's cloud storage. The loophole that Thompson exploited was closed, according to Capital One. The cloud company is not mentioned in the ad, but Thompson's former employer AWS has already confirmed that the data is stored there. However, the security mechanisms would have worked as planned.

Equipped with login privileges, Thompson viewed the bank's stored data and copied the contents. It has it all: It is said to be data from 100 million Americans and another six million Canadians, mostly from applications for credit cards: These include social security numbers, names and dates of birth, information on the income and creditworthiness of the applicants.

It was arguably one of the biggest hacks by a US bank

In this case, it is much easier to provide evidence for the public prosecutor than it is for cybercrime. While professional hackers would carefully cover their tracks after such a coup, Thompson boasted of their deed in various forums on the Internet. Not only were there indications of the theft in her account on the programming platform Github, but also in a comparatively easily accessible channel on the teamwork platform Slack, in which she exchanged information with other hackers. There investigators found, among other things, this exchange between Thompson and another user:

"Pretty seedy thing, please don't go to jail." - "Don't worry. I'm like> ipredator> tor> s3 with the whole thing. I just want to get the stuff off my server."

"S3" is the program that Amazon uses for data storage. "IPredator" and "Tor" are programs for concealing one's own identity on the net. Apparently, Thompson felt safe from prosecution by using the tools. However, via the same channel, the investigators also found a veterinarian bill with the home address of the hacker. A house search revealed further indications of the data theft.

106 million data, so the data theft at Capital One is likely to be one of the biggest hacks by a US bank that ever existed. The affected customers could have been lucky, however: There is currently no evidence that Thompson has redistributed the data.