Paige Thompson is accused of stealing the financial records of over 100 million Americans, but a self-described longtime friend says the situation is significantly more complicated than it first appears.
The Department of Justice on Monday announced the arrest of Thompson, a 33-year-old former Amazon employee. Federal authorities alleged in a criminal complaint that she exploited a misconfigured firewall to access millions of Capital One customers' records via a cloud company's servers.
"She had no malicious intent and was not targeting anyone," her friend insisted.
We got in touch with the friend, who we are not identifying by name, via a now-deleted Slack workspace that appears to have been set up by Thompson.
In the workspace, someone going by the name of "erratic" — who the DOJ alleges is Thompson — can be seen discussing files reportedly related to the Capital One hack. A screenshot of this conversation is included in the DOJ complaint, and we were able to find the same conversation in one of the Slack channels we accessed.
The friend, who told Mashable they work in educational IT and software, says they have spoken with Thompson every day "for the last couple of years." The friend sent us logs of past conversations with Thompson, dating back to June 2018, as proof of their friendship. While we were unable to independently verify the logs, they appear genuine.
Importantly, the friend explained over Slack and Signal that Thompson had attempted to report the vulnerability she allegedly exploited — but no one listened.
"She went to prominent infosec community members to release it responsibly and they laughed at her and did not take her seriously," the friend wrote.
The friend named a specific member of the information security community who Thompson allegedly attempted to notify, and we reached out to that person in an attempt to verify the claim. As of press time, we have not heard back.
The specific Slack channel within the workspace where the hack was discussed had the topic set to "Never give up on your dreams."
"Paige is a gifted and intelligent woman," the friend continued. "She was very curious and had a lot of time as she was not employed, and she was merely looking for nonsecure public HTTP servers and ended up in this mess."
The DOJ alleges Thompson discussed the hack in the public Slack workspace and posted details of the breach to a GitHub page connected to her real name.
When asked if Thompson attempted to notify Capital One of the vulnerability, the friend said they didn't know. We reached out to Capital One, but haven't heard back as of press time.
"Had this been released through appropriate channels and she had not been laughed at by certain ppl in the infosec community she would be heralded as someone that brought to light vulnerabilities that the companies KNEW about and did not protect," the friend continued. "To me the real failing is on the company that did not protect their client data and allowed poorly configured servers to be in production."
If convicted, Thompson faces up to five years in prison and a $250,000 fine.