Paige Thompson, the former Amazon employee accused of breaching credit cards issuer Capital One, is also believed to have hacked the cloud servers of 30 other companies to mine cryptocurrencies.
The Seattle woman didn’t exploit some backdoor vulnerability in victims’ devices to find her way into the servers. Instead, she was able to go in right through the front door, providing the username and password of the server’s administrator.
The software engineer had already got access to Amazon Web Services (AWS) servers and managed to steal sensitive data including credit cards codes, email addresses, dates of birth, income and payments history, plus the Social Security numbers of about 140,000 customers.
Capital One revealed in July that more than 100 million of its customers had their personal data exposed in a hacking. The hack also affected 6 million in Canada, and the leaked data was used for hijacking the resources of comprised machines to solve mathematical problems and collect cryptocurrency rewards.
ACY Securities Sponsors ITTAGo to article >>
The alleged hacker Thompson, who also reportedly goes by the online handle “erratic,” was charged with a single count of computer fraud and abuse, but is likely to face new charges related to the additional crypto hacks.
Cryptojacking has been a rampant practice
US prosecutors said in new court documents filed Wednesday the fraud was discovered on July 19, but customers weren’t informed until July 29. The alleged operator favored to leverage the leaked data in cryptojacking which involves the unauthorized use of someone else’s computer to mine cryptocurrency.
Cryptojacking, which is also known as cryptomining malware or coinjacking, has been a rampant practice. As Finance Magnates previously reported, instances of such malware have shot up over the last two years, leading commentators to warn of an epidemic.
More generally, cybersecurity company McAfee revealed that instances of crypto-mining malware saw a 4000-percent increase in 2018.