I think almost everyone knows of the infamous Capital One breach that leaked personal data of 100 Million Capital One customers.
SOURCE : https://www.cbsnews.com/news/paige-thompson-what-we-know-about-accused-capital-one-breach-hacker-2019-07-31/
I’ve been studying this case, as this is really exciting. I read somewhere that Paige Thompson, the hacker, seems to have used a SSRF vulnerability to extract the data from AWS s3 buckets. But that’s not the interesting part. The interesting part is that she doesn’t seem to have much of a motive.
She didn’t seem to do it for the money (as far as we can tell), and leaked messages from her handle (erratic) shows that it’s almost as if she wanted to get caught. Even the article says “Paige Thompson, …, almost seemed to want to get caught. Mission accomplished.”
The reports say that she was distressed after her cat died, but is it enough to push someone over the edge like this?
I can’t understand at all what her intentions was.
Anyone that understands more about this, please share your thoughts.