
Le-verdict

News with a Local Lens

Canadian authorities arrest hacker in connection with Snowflake breach

Snowflake data breach compromised sensitive information belonging to several leading companies



A major breakthrough in the Snowflake data breach investigation has led to the arrest of a 26-year-old man from the province of Ontario, Canada.

Following a provisional arrest warrant from the United States, Canadian authorities arrested Alexander “Connor” Moucka on October 30. He was arrested in Kitchener, a town about 65 miles west of Toronto.

Moucka appeared in court on Tuesday, although the exact charges against him were not disclosed.

“Given that extradition requests are considered confidential communications between states, we cannot comment further on this matter,” Ian McLeod, a spokesperson for Canada’s Department of Justice, told Bloomberg.

Cybersecurity researchers identified Moucka as a key figure in the operation, linking him to several online nicknames, including “Judische” and “Waifu.”

Moucka is suspected of collaborating with another hacker, John Binns, in the attack on AT&T, which exposed the personal data of almost all of its customers during a six-month period in 2022.

Binns, who was indicted for a previous attack on T-Mobile, was arrested by Turkish authorities and remains in custody.

The Snowflake data breach, revealed between April and July of this year, compromised sensitive information belonging to several high-profile companies, including AT&T, Ticketmaster and Santander.

The hackers, who exploited weak security measures like the lack of multi-factor authentication, targeted customer accounts using stolen login credentials.

It is estimated that more than 165 organizations were affected by the cyberattack.

In an attempt to extort their victims, the hackers threatened to sell the stolen data on the dark web.

In July, US telecommunications giant AT&T reported a breach that exposed the phone records of “nearly all” of its customers.

The compromised data covered a six-month period from May to October 2022, with a small number of records from January 2023 also affected. The information included phone numbers, call and text message logs, and some location data related to cell phone use.

The breach involved AT&T’s use of the Snowflake platform, which revealed in May that a major cyberattack had compromised data belonging to several of its customers.

According to an investigation by Mandiant, the attackers exploited stolen login credentials to gain access to Snowflake accounts. Some of these credentials, compromised as early as 2020 by malware, were still active despite their age.

In June, the notorious hacker group ShinyHunters claimed to have stolen personal information belonging to millions of customers and employees of Santander Bank.

The group also took responsibility for hacking 560 million customer accounts at Ticketmaster, claiming to have accessed full names, addresses, phone numbers, email addresses, ticket purchase histories and partial payment details, including the last four digits of credit card numbers and expiration dates.

Snowflake’s cloud data platform, which serves 9,437 customers including large enterprises such as Adobe, AT&T, Capital One, HP, Mastercard, Okta, PepsiCo and Western Union, was involved in these incidents.

Snowflake has denied any security vulnerabilities within its platform, attributing the breaches to poor customer account security rather than flaws in its own system.