The Washington PostDemocracy Dies in Darkness

The FBI tracked down the alleged Capital One hacker online. The suspect left a digital trail.

Capital One revealed July 29 that personal information of about 100 million bank customers in the U.S. were stolen by a hacker. (Video: Reuters)

Weeks before she was arrested, Paige Thompson was getting ready to euthanize her cat.

The 33-year-old Seattle programmer was pained like any loving pet owner, tweeting that her cat Millie’s health would “only get worse” and that she “just can’t see her go through this misery anymore.”

Her next tweet took a darker turn. Thompson wrote that she planned to check into a mental hospital after her ordeal with Millie was over.

“I have a whole list of things that will ensure my involuntary confinement from the world,” she wrote July 5. “The kind that they can’t ignore or brush off onto the crisis clinic. I’m never coming back.”

On Monday, Thompson was accused in one of the largest data breaches to strike a financial services company. A criminal complaint, which cited Thompson’s Twitter account, says the software developer stole 100 million credit card applications from Capital One, exposing 140,000 Social Security numbers and 80,000 bank account numbers in the latest testament to the vulnerability of people’s personal data online.

Her tweets — sometimes typo-riddled, sometimes profane, often typed out in all lowercase — came from an account under a stylized version of “Erratic,” the alias linking her various online profiles. Authorities traced Thompson from the messaging platform Slack to her accounts in places such as Twitter and the code-sharing website GitHub, where authorities say Thompson posted the stolen data for all to see under her real name and email address.

Many of Thompson’s online footprints are gone by now, leaving only broken URLs. Her LinkedIn page: “Profile not found.” The personal website on her résumé: taken down. The programming group she once ran on, dubbed “Seattle Warez Kiddies,” no longer exists.

But other parts of the online identity that helped the FBI build its case remain.

Read the full criminal complaint against Thompson

Thompson’s Twitter posts show no inkling from the software developer that her name would soon be in the news, after Capital One disclosed the alleged hack Monday. A day earlier, Thompson was retweeting her usual mix of programmer jargon (“need to write a scraper for this”), Internet slang (“wrekt”) and other musings.

On Friday, Thompson was still mourning her cat. She tweeted that she couldn’t wash something because her beloved Millie had been euthanized on it. One of Erratic’s posts from the day before the Capital One hacking news broke simply said, “sigh.”

But privately, Thompson acknowledged the risks of what she was doing with Capital One data, according to court documents.

“Ive basically strapped myself with a bomb vest … dropping capitol ones dox and admitting it,” she wrote in a direct message to another Twitter user captured in images included in the criminal complaint.

Others Thompson interacted with online noted the danger of her alleged hacking exploits, too.

“don’t go to jail plz,” someone on the messaging Platform Slack told Thompson after she described the sensitive files she had, court documents state. But Thompson said she wanted the files off her server.

“I gotta find somewhere to store it,” she wrote.

Savvy by her own account in a litany of programming languages, operating systems and tools, Thompson was a systems engineer at Amazon Web Services for about a year and a half until the fall of 2016, according to a résumé posted online. Before working on issues such as automation and security updates at Amazon, the document indicates, she spent a decade in a host of other tech roles, rarely staying at the same company for more than one year. Some jobs were based in Washington; for others, she telecommuted. (Amazon founder Jeff Bezos owns The Washington Post.)

The education history on Thompson’s résumé is much sparser. For her 2005 and 2006 stint at Bellevue College in Washington state, there’s just a brief bullet point: “Left to pursue a career opportunity."

Read more:

Capital One says data breach affected 100 million credit card applications