Threat actor behind massive AT&T breach that leaked millions of call records nabbed in Canada

by · Android Police

Key Takeaways

  • Snowflake breach affected roughly 165 companies, including Ticketmaster, AT&T, Advance Auto Parts, Santander Bank, and more.
  • Alexander "Connor" Moucka has been detained in Canada in connection with the breaches.
  • Moucka reportedly threatened to sell customer data on dark web forums if his demands weren't met. There's no evidence to suggest that any of the data was actually sold.

Remember the AT&T breach from earlier this summer that leaked the call and text records of millions of its customers? Yep, the same one that the carrier giant blamed on a compromised third-party cloud platform? The reported perpetrator responsible for the breach has been detained, and it looks like they were behind a lot more than just the AT&T hack.


As shared by Bloomberg, Ticketmaster's parent company Live Nation, Advance Auto Parts Inc., Santander Bank, and more, have all suffered breaches linked to Snowflake. The broad scale of the breach suggests that information and data from as many as 165 companies employing Snowflake's services were compromised, starting in April this year.

Now, a Canadian individual who goes by the online monikers Judische and Waifu, as suggested by 404Media, and is reportedly named Alexander "Connor" Moucka, has been taken into custody in connection with the breach. While charges against Moucka aren't currently available, two sources close to the matter have confirmed that Moucka is indeed behind all the Snowflake-connected hacks. According to a statement from Ian McLeod, spokesperson for Canada’s Department of Justice, Moucka was arrested on Wednesday, October 30, and appeared in court later that day. His case had been adjourned to today, November 5.

According to Austin Larsen from Mandiant, Google's cybersecurity subsidiary, "Alexander ‘Connor’ Moucka has proven to be one of the most consequential threat actors of 2024," threatening to sell customer data on dark web forums if his demands weren't met. Bloomberg suggests that someone claiming to be behind the attack contacted the company saying that they hoped to get $20 million for all the data they had stolen. There's no evidence to suggest that any of the data was sold.

Adjourning the case until November 5 likely meant that the authorities gave Moucka some time to prepare a defense, while the authorities themselves organized evidence connecting him to the string of breaches and prepared for the eventual process of extradition to the US. According to 404Media, Moucka did remotely appear in court today, but without a lawyer. "I’ll get one soon I think," he reportedly said. It is likely that an extradition hearing will take place at a later date, after which Moucka will face trial in the US.