- Canadian man arrested in connection with Snowflake data breach
- The breach affected hundreds of millions of customers
- This was likely a ‘credential stuffing’ attack
Canadian authorities have confirmed that an arrest has been made in connection with the significant breach of Snowflake earlier in 2024.
Alexander ‘Connor’ Moucka (aka Waifu and Judische) was taken into custody on October 30 following a request by US law enforcement, and is now due to appear in court. The exact nature of the charges is unknown, as extradition requests are considered confidential state-to-state communications, so both nations declined to comment.
Security firm Mandiant recently confirmed it was still monitoring ‘Judische’, who had been actively targeting software-as-a-service (SaaS) organizations up until very recently. The group behind the original attack is said to be primarily from North America, with one member also in Turkey.
Extortion and data theft
Around 165 organizations had their sensitive data stolen in the attack, which used brute force tactics on the cloud storage provider to breach a series of organizations and extort as much as $3 million from them in total.
Snowflake claimed the breach was a result of a credential stuffing attack and did not originate inside its infrastructure. This suggests the attackers purchased login combinations (usually on the dark web) and essentially just tried countless logins until they found one that worked.
The attacks affected millions of people’s data and hit companies including AT&T, Santander, and Live Nation Entertainment (Ticketmaster). Ticketmaster alone reported the loss of 500 million people’s data, making this one of the biggest data breaches in history.
Telecoms giant AT&T reportedly paid a member of the hacking team $370,000 earlier in 2024 to provide evidence that they had deleted the stolen call records of tens of millions of customers.
Via Bloomberg