CyberSecurity SEE

Canadian authorities apprehend hacker linked to Snowflake breach

The Snowflake data breach, which compromised sensitive information belonging to several high-profile companies, has taken a significant turn with the recent arrest of a 26-year-old man from Ontario, Canada. Alexander “Connor” Moucka was detained by Canadian authorities on October 30th, following a provisional arrest warrant from the United States. He was apprehended in Kitchener, a city located about 65 miles west of Toronto.

Although Moucka appeared in court, the specific charges against him have not been disclosed. Ian McLeod, a spokesperson for Canada’s Department of Justice, refrained from providing further details on the case due to the confidentiality of extradition requests.

Cybersecurity researchers have identified Moucka as a key player in the operation, connecting him to various online aliases such as “Judische” and “Waifu”. He is believed to have collaborated with another hacker, John Binns, in the attack on AT&T, which led to the exposure of personal data belonging to nearly all AT&T customers for a six-month period in 2022. Binns, who was previously indicted for an attack on T-Mobile, was arrested by Turkish authorities and is currently in custody.

The Snowflake data breach, which occurred between April and July of this year, affected numerous high-profile companies, including AT&T, Ticketmaster, and Santander. The hackers exploited weak security measures, such as the absence of multifactor authentication, to target customer accounts using stolen login credentials. It is estimated that over 165 organizations were impacted by the cyberattack.

To pressure their victims, the hackers threatened to sell the stolen data on the dark web. In July, AT&T disclosed a breach that exposed phone records for the majority of its customers, covering a six-month period from May to October 2022. The compromised data included phone numbers, call and text logs, as well as some location data associated with cell phone usage.

The breach was linked to AT&T’s use of the Snowflake platform, which revealed in May that a significant cyberattack had compromised customer data across multiple clients. An investigation by Mandiant revealed that attackers had exploited stolen login credentials to access Snowflake accounts, some of which had been compromised as early as 2020 through malware.

In a separate incident, the hacking group ShinyHunters claimed responsibility for stealing personal information belonging to millions of Santander bank customers and employees, as well as hacking 560 million customer accounts at Ticketmaster. The compromised data included full names, addresses, phone numbers, email addresses, ticket purchase histories, and partial payment details.

Snowflake, a cloud data platform serving numerous customers, including major companies like Adobe, Capital One, and PepsiCo, denied any security vulnerabilities within its platform. The company attributed the breaches to weak security on customer accounts rather than flaws in its own system, emphasizing the importance of robust security measures to prevent future breaches.
