ADVERTISEMENT

Amazon Contacted Customers Named by Alleged Capital One Hacker

Paige Thompson was charged with computer fraud for accessing data of about 100 million people in the U.S. from Capital One.

Amazon Contacted Customers Named by Alleged Capital One Hacker
An Amazon.com Inc. logo sits on a column in the canteen at an Amazon fulfilment centre in Tilbury, U.K. (Photographer: Jason Alden/Bloomberg)

(Bloomberg) -- Amazon.com Inc. said it has reached out to cloud-computing customers mentioned in online postings by the accused perpetrator of a data breach of Capital One Financial Corp., but found no proof she was able to exploit similar flaws at those companies.

Paige Thompson, a former Amazon Web Services employee, was arrested on Monday and charged with computer fraud for accessing data of an estimated 100 million people in the U.S. from Capital One by exploiting a misconfigured firewall that gave her access to some of the data the firm stored on AWS.

In a post on the online messaging service Slack, Thompson appeared to refer to other improperly secured Amazon databases she was able to access, according to a person who had seen the conversation and shared it with Bloomberg. That message was reported earlier by cybersecurity blogger KrebsOnSecurity.

Grant Milne, an AWS spokesman, said the company had “reached out to the customers mentioned in online forums by the perpetrator to help them assess their own logs for any evidence of an issue.”

“At this point, we do not have proof that the perpetrator in the Capital One incident found similar application flaws in a few other customers,” Milne said Wednesday in an email. He didn’t name the customers.

The Wall Street Journal, which earlier Wednesday reported Amazon’s outreach, said that UniCredit SpA, one of the companies named in the Slack posting, was investigating the possibility of a similar data breach.

To contact the reporters on this story: Matt Day in Seattle at mday63@bloomberg.net;Nico Grant in San Francisco at ngrant20@bloomberg.net

To contact the editors responsible for this story: Jillian Ward at jward56@bloomberg.net, Andrew Pollack

©2019 Bloomberg L.P.