
Snowflake hackers charged with stealing 50 billion AT&T records

U.S. DoJ charges Connor Moucka and John Binns with stealing AT&T data from a breached Snowflake instance, extorting $2.5M in bitcoin from victims, and $370K ransom from AT&T

Welcome to the latest issue of The Breach Report, a cybersecurity newsletter from the creators of the Cybersecurity Careers Blog. Be sure to subscribe via email or RSS.


U.S. Department of Justice indicts Connor Moucka and John Binns for hacking

In June 2024, I reported, along with major tech outlets, that the Snowflake data breach had escalated into what was being regarded as one of the worst breaches ever. Now the hacker duo held responsible has been formally identified and charged.

The United States Department of Justice has publicly released its indictment against Connor Moucka and John Binns, two suspected cybercriminals allegedly responsible for the Snowflake campaign. Once inside their victims' Snowflake instances, the pair exfiltrated data from at least ten organizations and received at least $2.5M in Bitcoin in extortion payments.

Moucka was arrested in Canada last week, where he was living, and Binns was previously arrested and jailed in Turkey in July 2024. Binns is a U.S. citizen but was living in Turkey for unknown reasons.

Prosecutors confirmed that Moucka was known online as “judische,” “catist,” “waif,” and “cllyels.” Binns went by “irdev” and “j_irdev1337.”

Although the indictment does not name the victims, it describes a telecom provider, which matches AT&T as a known victim.

In a separate breach unrelated to Snowflake, Binns claimed responsibility for hacking T-Mobile in 2021, calling its security “awful”; over 50 million customer records were stolen in that incident.

The Snowflake campaign was massively damaging to Snowflake and its customers alike. According to reports by 404 Media, more than 165 Snowflake customer organizations were affected by the duo. Not every victim has been made public, but known affected organizations include Santander, Ticketmaster, LendingTree, and Advance Auto Parts.

AT&T Snowflake breach includes 50 billion customer text and call records

Wired reported in July 2024 that AT&T paid the hackers roughly $370,000 in exchange for not releasing the stolen data, though the data surfaced anyway.

With the recent news of Salt Typhoon, a PRC-linked cyber espionage group hacking major U.S. telecom providers like AT&T, T-Mobile, and Verizon, it’s easy to forget that AT&T has suffered other unrelated but highly damaging breaches in recent years.

It also speaks to how hard it is to secure large infrastructure against a range of threat actors and weaknesses at the same time.

The AT&T data taken from Snowflake included more than 50 billion customer text and call records, covering virtually all of AT&T’s roughly 110 million customers. According to forensic experts, Moucka and Binns were inside the Snowflake instances for over six months, possibly longer.

The pair of hackers are believed to be associated with “The Com,” an online ecosystem that includes groups participating in cybercriminal activities, violence, extortion, kidnappings, shootings, and robberies, according to CyberScoop.

The full indictment is available for download below in Adobe PDF format.

DOJ_ConnorMoucka_JohnBinns_Snowflake.pdf (2.17 MB, PDF)

Today’s Cyber Wall of Shame

Fix your security, Snowflake. Please.

Until next time…

Rob Waters
Founder
The Breach Report + Cybersecurity Careers Blog
