Suspected Snowflake hackers identified and charged

Two men have been arrested and charged with the breach of Snowflake, a cloud-based third-party server, back in May. This massive breach impacted around 165 corporations that utilized its services, such as AT&T and TicketMaster. Taking advantage of the fact that Snowflake did not require customers to add MFA to their accounts, the hackers stole huge amounts of corporate data just by using passwords stolen from employee computers with the aid of malware.
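The weakness described above, password-only access with no enforced MFA, is something a Snowflake administrator can audit directly. The queries below are an added example, not from the article or from Snowflake; they assume the SNOWFLAKE.ACCOUNT_USAGE views USERS and LOGIN_HISTORY with the column names shown, which should be checked against the current Snowflake documentation.

```sql
-- Added example (not from the article). Assumes the ACCOUNT_USAGE views
-- USERS and LOGIN_HISTORY and the column names below; verify against docs.

-- 1. Active users who can log in with a password but have no MFA enrolled.
--    Each row is an account a stolen password alone would open.
SELECT name, login_name, last_success_login
FROM   snowflake.account_usage.users
WHERE  deleted_on IS NULL
  AND  TO_BOOLEAN(disabled) = FALSE
  AND  has_password = TRUE
  AND  ext_authn_duo = FALSE
ORDER  BY last_success_login DESC NULLS LAST;

-- 2. Successful logins in the last 30 days where a password was the only
--    factor, with the source IP and client, for review against known
--    employee locations and tooling.
SELECT event_timestamp, user_name, client_ip, reported_client_type
FROM   snowflake.account_usage.login_history
WHERE  is_success = 'YES'
  AND  first_authentication_factor = 'PASSWORD'
  AND  second_authentication_factor IS NULL
  AND  event_timestamp >= DATEADD('day', -30, CURRENT_TIMESTAMP())
ORDER  BY event_timestamp DESC;
```

The first query produces the remediation list (enforce MFA or move the user to SSO); the second is the detection side, showing which recent sessions relied on a password alone.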

Until now, the full extent of the breach was unknown, but the US Department of Justice’s indictment against the two hackers reveals it. 

The hackers behind the breach

Alexander Moucka, also known as Connor Moucka, was arrested by Canadian authorities on October 30 following a request by the United States. TechCrunch reports that he used the monikers Waifu and Judische online and had previously claimed to be behind the breaches. His co-conspirator, John Binns, also known as “irdev” and “j_irdev1337” online, an American living in Turkey, was arrested earlier this year.

According to KrebsOnSecurity, there is a third suspect, a prolific hacker who calls themselves Kiberphant0m. The suspect’s online footprint suggests they are a soldier in the US Army who was recently stationed in South Korea.

New details of the breach revealed

While there had previously been estimates of the damage done by the two hackers, the Department of Justice’s recently filed indictment sheds new light on the situation, particularly regarding AT&T. TechCrunch surmises that “Victim-2” in the indictment is likely AT&T, as it is described as a telecommunications company located in the US. That company learned of the hack on April 19, which aligns with what is known about the AT&T breach.

Previously AT&T said that nearly all of its cellular and landline customers’ records had been stolen. In the indictment, the exact number was revealed to be 50 billion. A great deal of sensitive corporate and personal data was stolen, including passport numbers, banking details, and social security numbers. 

The indictment also discusses how some victims had their sensitive information held for ransom, with hackers threatening to release it to the public if they didn’t pay up. In some cases, the hackers followed through with their threats and released victims’ private information to the general public.
