
A former AWS employee was convicted of multiple crimes connected to one of the largest US data breaches of all time.
Paige Thompson, acting under the handle ‘erratic,’ would have obtained the personal information of more than 100 million people in the infamous Capital One hack in 2019 using a tool she built that searched for misconfigured accounts on AWS.
The data breach prompted the company to reach a $190m settlement with affected customers. Further, the Treasury Department fined the company $80m for failing to protect customer data.
After obtaining the data, the software engineer would have then mined it and installed cryptocurrency miners on some AWS servers.
Based on these events, a federal jury on Friday found Thompson guilty of seven federal crimes, including wire fraud, illegally accessing a protected computer, and damaging a protected computer.
At the same time, court documents hint that the former AWS software engineer spent hundreds of hours advancing her scheme, bragging about her illegal conduct to others via text or online forums.
Thompson’s ultimate sentence is expected on September 15, Wire fraud is punishable by up to 20 years in prison, while illegally accessing a protected computer and damaging a protected computer is punishable by up to five years.