Snowflake hacker arrested over data breach and extortion

Security padlock and circuit board to protect data

(Image credit: Getty Images)

Canadian man arrested in connection with Snowflake data breach
The breach affected hundreds of millions of customers
This was likely a 'credential stuffing' attack

Canadian authorities have confirmed that an arrest has been made in connection to the significant breach of Snowflake earlier in 2024.

Alexander ‘Connor’ Moucka (aka Waifu and Judische) was taken into custody on October 30 following a request by US law enforcement, and is now due to appear in court. The exact nature of the charges are unknown, as extradition requests are considered confidential state-to-state communications, so both nations declined to comment.

Security firm Mandiant recently confirmed it was still monitoring ‘Judische’, who was still actively targeting software-as-a-service (Saas) organizations up until very recently. The group behind the original attack is said to be primarily from North America, with one member also in Turkey.

Extortion and data theft

Around 165 organizations had their sensitive data stolen in the attack, which used brute force tactics on the cloud storage provider to breach a series of organizations and extort as much as $3 million from them in total.

Snowflake claimed the breach was a result of a credential stuffing attack and did not originate inside its infrastructure. This suggests the attackers purchased login combinations (usually on the dark web) and essentially just tried countless logins until they found one that worked.

The attacks affected millions of people’s data, and breached companies including the likes of AT&T, Santander, and Live Nation Entertainment (Ticketmaster). Ticketmaster alone reported the loss of 500 million people’s data, making this one of the biggest data breaches in history.

Telecoms giant AT&T reportedly paid $370,000 for a member of the hacking team earlier in 2024 to provide evidence that they had deleted the stolen call records for tens of millions of customers.

Via Bloomberg

Take a look at our picks for best identity theft protection
The Snowflake breach tells us that passwords aren't enough
Check out our choices for best malware removal

The TechRadar hive mind. The Megazord. The Voltron. When our powers combine, we become 'TECHRADAR STAFF'. You'll usually see this author name when the entire team has collaborated on a project or an article, whether that's a run-down ranking of our favorite Marvel films, or a round-up of all the coolest things we've collectively seen at annual tech shows like CES and MWC. We are one.