- The woman suspected of stealing more than 100 million people's data from Capital One bank clued in the FBI because she boasted about a hack on GitHub, Slack, and Twitter, according to court documents filed by federal prosecutors on Monday.
- Capital One revealed on Monday that the data of some 106 million individuals had been compromised in the breach, which occurred in March.
- Among the many online clues left by the suspect, Paige Thompson, was a Twitter direct message which read: "[sic] Ive basically strapped myself with a bomb vest, fucking dropping capitol ones dox and admitting it."
The suspected hacker behind the Capital One bank breach, which affected 106 million individuals in the US and Canada, was caught because of her boasting online, according to court filings submitted by federal prosecutors.
Capital One disclosed that a breach on March 22 and March 23 had impacted 100 million people in the US and a further six million in Canada. A complaint filed on Monday in Seattle, Washington, revealed the alleged perpetrator to be one Paige Thompson, formerly a software engineer for Amazon Web Services.
FBI agent Joel Martini detailed in the complaint against Thompson how he pieced together her identity from her extensive boasting online.
Capital One was first alerted to the breach by a tip that came in to its security disclosure email. "There appears to be some leaked s3 data of yours in someone's github / gist," the tip reads, providing a link.
Martini found Thompson's full name on GitHub, the code collaboration service. He also found a link to a GitLab page, containing a resume describing Thompson as a "systems engineer" who had worked for Amazon AWS from 2015 to 2016.
Martini then found Thompson had set up a Meetup group under her preferred online alias, "erratic."
Meetup is a social media site where people join groups based on their interests. The Meetup group contained a code to join a Slack channel, where Thompson had boasted about the hack, prompting concern from one other user who wrote "don't go to jail plz."
United States District Court for the Western District of Washington Seattle
Martini was able to link the Slack account to Thompson's real-life identity after she posted a vet's bill for a pet, which listed her name and address. While the filing didn't specify which pet, the New York Times found Thompson had posted on Meetup about taking her cat to the vet, which is corroborated by pictures posted on Twitter.
Martini was also able to find a Twitter account under the name "Erratic." The tipster provided Capital One with a screenshot of Twitter direct messages from this account in which Thompson says: "Ive basically strapped myself with a bomb vest, fucking dropping capitol ones dox and admitting it."
After amassing this evidence, Martini obtained a warrant to search Thompson's home. Agents seized "numerous digital devices" and found files on them that referred to Capital One.
Thompson was subsequently charged with computer fraud and abuse, punishable by as much as five years in prison and a $250,000 fine.