- Can you build a billion-dollar business with only AI agents (yet)? This author thinks so
- I replaced my OnePlus with this $700 Motorola flip phone, and it's spoiled me big time
- Your TV's USB port has an underrated benefit that can revitalize an old system - here's how it works
- I finally tried Samsung's XR headset, and it beats my Apple Vision Pro in meaningful ways
- Everything from Google I/O 2025 you might've missed: Gemini, smart glasses, and more
Former Amazon Worker Convicted of Capital One Data Breach
A former Amazon Web Services (AWS) employee was convicted of multiple crimes connected to one of the largest US data breaches of all time.
Paige Thompson, 36, acting under the handle ‘erratic,’ would have obtained the personal information of more than 100 million people in the infamous Capital One hack in 2019 using a tool she built that searched for misconfigured accounts on AWS.
For context, the data breach prompted the company to reach a $190m settlement with affected customers. Further, the Treasury Department fined the company $80m for failing to protect customer data.
After obtaining the data, the software engineer would have then mined it and installed cryptocurrency miners on some AWS servers.
Based on these events, a federal jury on Friday found Thompson guilty of seven federal crimes, including wire fraud, illegally accessing a protected computer and damaging a protected computer.
“Ms. Thompson used her hacking skills to steal the personal information of more than 100 million people, and hijacked computer servers to mine cryptocurrency,” said US Attorney Nick Brown in a press release.
“Far from being an ethical hacker trying to help companies with their computer security, she exploited mistakes to steal valuable data and sought to enrich herself,” he added.
She was found not guilty, however, of aggravated identity theft and access device fraud after her attorneys argued that she struggled with mental health issues and never intended to profit from the data she obtained. Further, they claimed there was no “credible or direct evidence that a single person’s identity was misused.”
At the same time, court documents hint that the former AWS software engineer spent hundreds of hours advancing her scheme, bragging about her illegal conduct to others via text or online forums.
“She wanted data, she wanted money, and she wanted to brag,” Assistant US Attorney Andrew Friedman said in closing arguments.
Thompson’s ultimate sentence is expected on September 15, after Judge Lasnik considers the sentencing guidelines and other statutory factors.
Wire fraud is punishable by up to 20 years in prison, while illegally accessing a protected computer and damaging a protected computer is punishable by up to five years.
