Hacker stole credit card data

Photo: Accused Capital 1 hacker Paige Thompson (Special to The Chronicle)
Posted 8/8/19

The Capital 1 data hacker exploited a weakness security experts have warned about for years.

Former Amazon.com employee Paige Thompson is accused of the massive theft of 106 million Capital 1 records. Some may belong to Chronicle readers.

She is believed to have found an opening in Capital 1’s system and exploited misconfigured networks, a Wall Street Journal analysis of hundreds of online messages found.

Security experts have warned for years about the gap, which suggests she tricked a system in the cloud into revealing the sensitive credentials she needed to access millions of customer records.

In online messages, she claimed she used those techniques to access online data from other organizations.

Thompson tapped into a central piece of Amazon’s cloud technology known as its metadata service. It holds credentials and data needed to manage servers in the cloud, a tech equivalent to the keys to a bank vault.

Thompson scanned the internet for vulnerable computers to give her access to internal networks. In layman’s terms, she knocked on front doors to find unlocked ones.

She found a door into a Capital 1 computer with weak security settings.

Through that opening, she asked a system on the Amazon cloud, where the information was stored, for the credentials needed to find and read Capital 1’s cloud-stored data.

When she found Capital 1’s unlocked door, she downloaded millions of records, apparently without triggering any alerts.

Amazon officials said none of their services caused the break-in, and they will offer monitoring tools designed to detect such incidents.

Capital 1 said it has fixed the configuration problem.

Thompson is being held for a bail hearing next week.
