CLOSED

Capital One said that personal information from more than 100 million individuals was compromised by massive data theft.
USA TODAY

A Seattle woman accused of acquiring more than 100 million customers from Capital One is reportedly a former Amazon Web Services systems engineer who may have access to data from multiple companies.

Paige A. Thompson, 33, is charged with data fraud and abuse in a criminal case filed Monday before the Seattle federal court.

In the filing, the Federal Bureau of Investigation states that Capital One was notified in an email tip July 17 that some of the acquired data was stored on Github, an online platform with more than 36 million users. Also on that Github account, the timestamp on April 21, 2019, was Thompson's resume, says FBI Special Agent Joel Martini in the filing.

<img itemprop = "url" src = "https://www.gannett-cdn.com/presto/2019/07/30/USAT/b2f3732e-ab12-4c97-8f93-ae0fb2f98a3b-AP_Earns_Capital_One.jpg?width = 540 & height = & fit = bounds & auto = webp "alt =" A Seattle woman is charged with taking more than 100 million Capital One customers. [19659007] A Seattle woman is charged with taking more than one Capital One 100 Million Customers. (Photo: Jeff Chiu, AP)

Capital One Data Breach: What You Need to Know About the Event That Affected More Than 100 Million Customers [19659005] Capital One data breach failure: How to protect yourself

Thompson left an online track that includes IP addresses associated with a VPN named IPredator – located in Cyprus , according to the site – and posts on online group event service Meetup and instant messaging platform Slack, Martini said.

She posted on Twitter to be a transgender woman and navigating "emotional entropy."

Earlier this month, Thompson tweeted about having to kill her cat. "After this is over, I will check in to the mental hospital indefinitely," the tweet continued. "I have a whole list of things that will secure my involuntary confinement from around the world. The kind that they can't ignore or brush off at the emergency room. I'll never come back."

Thompson's resume says she worked at Amazon from May 2015 to September 2016, listing her job as a systems engineer working at S3 or Amazon Simple Storage Service, which the company says is its platform for storing "data for millions of applications for companies around the world. "

Her online credentials and Internet protocol addresses were found to be involved in accessing a server that had a misconfigured firewall and downloading data in March 2019 from Capital One's storage space on Amazon's cloud system, according to the filing. [19659016] FBI agent Martini also identified Thompson's Twitter account, which used the name "Erratic," and found a direct message in which Thompson boasts of plans to distribute the acquired data – social security number, name and date of birth. The message reads, according to the filing: "I was basically excited about a bomb vest, (explosive) dripping capitol de dox and admitted. I want to hand out the buckets I am thinking first. … It ssns … with my full name and . " [19659005] Martini said in the filing, "I understand this post to indicate … Thompson intended to disseminate data stolen from victim units, starting with Capital One."

Data security writer Brian Krebs wrote that he reviewed comments on Slack channel Thomspon used and found a comment on June 27 "showing various databases she found by hacking into improperly secured Amazon cloud instances," he wrote on security news site KrebsOnSecurity.

"This post suggests that Erratic may also have found dozens of gigabytes of data belonging to other major companies," he said.

On Slack, Thompson / Erratic "also frequently posted .. about her struggles with gender identity, lack of employment and persistent suicidal thoughts, "Krebs wrote.

"In several conversations, Erratic refers to operating a kind of bot network, although it is unclear how serious these claims were," he wrote. "In particular, Erratic mentions one bot network involved in cryptocurrency, which uses code snippets installed on websites – often surprisingly – designed to mine cryptocurrency."

On Monday, the FBI searched the home of Seattle where Thompson lived and found "many digital devices … (With) files that referred to Capital One" as well as Amazon, according to the filing, and "other devices that may have been the targets of attempted or actual network infringement, and the "erratic" alias associated with (Thompson). "

A Thompson man in the Beacon Hill home in southeast Seattle told the Associated Press," There was an FBI interrogation with M4s in the face, "Said the roommate who gave her name as Ashley, but asked for last names not to be used." They came in hard. They came in with a purpose. "

Ashley said Thompson has great computer skills and" just wanted to see if she could (get the data). She had no unpleasant intentions with the data. "

A homemaker in the Beacon Hill home in southeast Seattle told CBS affiliate KIRO-TV Monday," We didn't know what she was doing … She wouldn't come out – she was like why are you here? " roommate. "Her Twitter handle is very appropriate – you've seen it, & # 39; erratic. & # 39; It's quite the best way to describe her. & # 39;

June 29, Thompson's account sent a retweet of a news about several companies including Netflix that had data exposed to Amazon cloud storage.

Thompson, who is due bail Thursday and faces five years in prison and $ 250,000 if convicted, "broke down and put their heads down on the defense table during the hearing" on Monday, according to Bloomberg.

Follow United States Today -report Mike Snider on Twitter: @MikeSnider .

Read or share this story: https://www.usatoday.com/ story / money / business / 2019/07/30 / suspect-behind-capital-a-data-breach-can-have / 1865848001 /