- Canadian man arrested in connection with Snowflake data breach
- The breach affected hundreds of millions of customers
- This was probably a ‘credential stuffing’ attack
Canadian authorities have confirmed that an arrest has been made in connection with the significant Snowflake breach earlier in 2024.
Alexander ‘Connor’ Moucka (also known as Waifu and Judische) was taken into custody on October 30 following a request from US law enforcement authorities and is now due to appear in court. The exact nature of the charges is unknown as extradition requests are considered confidential communications between states, so both countries declined to comment.
Security firm Mandiant recently confirmed that it was still monitoring ‘Judische’, who until recently was still actively targeting Software-as-a-Service (SaaS) organizations. The group behind the original attack is believed to be mainly from North America, with one member also from Turkey.
Extortion and data theft
The attack stole sensitive data from around 165 organizations, using brute force tactics on the cloud storage provider to compromise a range of organizations and extort a whopping $3 million from them in total.
Snowflake claimed that the breach was the result of a credential stuffing attack and did not occur within its infrastructure. This suggests that the attackers purchased login combinations (usually on the dark web) and essentially tried numerous logins until they found one that worked.
The attacks compromised the data of millions of people and breached companies including AT&T, Santander and Live Nation Entertainment (Ticketmaster). Ticketmaster alone reported the loss of 500 million people’s data, making this one of the largest data breaches in history.
Telecom giant AT&T reportedly paid a member of the hacking team $370,000 earlier in 2024 to prove they had deleted the stolen call data of tens of millions of customers.
Via Bloomberg