Capital One Hacker Used Stolen Data to Mine Cryptocurrencies

The hacker had already got access to Amazon Web Services (AWS) servers and managed to steal sensitive data.

Paige Thompson, the former Amazon employee accused of breaching credit cards issuer Capital One, is also believed to have hacked the cloud servers of 30 other companies to mine cryptocurrencies.

The Seattle woman didn’t exploit backdoor vulnerability on victims’ devices to find her way into the servers. Instead, she was able to go in right through the front door, providing the username and password of the server’s administrator.

London Summit 2019 Launches the Latest Era in FX and Fintech – Join Now

The software engineer had already got access to Amazon Web Services (AWS) servers and managed to steal sensitive data including credit cards codes, email addresses, dates of birth, income and payments history, plus the Social Security numbers of about 140,000 customers.

Capital One revealed in July that more than 100 million of its customers had their personal data exposed in a hack. The hack also affected 6 million in Canada, and the leaked data was used for hijacking the resources of comprised machines to solve mathematical problems and collect cryptocurrency rewards.

Suggested articles

TrustedBrokerz: The Source More Traders Are TrustingGo to article >>

The alleged hacker Thompson, who also reportedly goes by the online handle “erratic,” was charged with a single count of computer fraud and abuse, but is likely to face new charges related to the additional crypto hacks.

Cryptojacking has been a rampant practice

US prosecutors said in new court documents filed Wednesday the fraud was discovered on July 19, but customers weren’t informed until July 29. The alleged operator favored leveraging the leaked data in cryptojacking which involves the unauthorized use of someone else’s computer to mine cryptocurrency.

The term also refers to either getting the victims to click on a malicious link to load cryptomining code on the computer or by infecting a web resource with JavaScript code that auto-executes once loaded in the internet browser.

Cryptojacking, which is also known as cryptomining malware or coinjacking, has been a rampant practice. As Finance Magnates previously reported, instances of such malware have shot up over the last two years, leading commentators to warn of an epidemic.

More generally, cybersecurity company McAfee revealed that instances of crypto-mining malware saw a 4000-percent increase in 2018.

Got a news tip? Let Us Know