
US Prosecutors Charge Hackers in Snowflake Data Theft

DOJ Accuses Alleged Hackers of Stealing Terabytes of Data From Snowflake Victims
Connor Moucka and John Binns face charges for allegedly stealing terabytes of data from customer accounts on Snowflake, a major cloud data platform, in a campaign that affected more than 165 organizations. (Image: Shutterstock)

The U.S. Department of Justice on Wednesday unsealed an indictment against alleged hackers Connor Moucka and John Binns, accusing them of stealing terabytes of data from customer accounts on the cloud data platform Snowflake in a breach that affected more than 165 organizations and involved roughly 50 billion call and text records.


Moucka was arrested earlier this month in Canada. Binns was already detained in Turkey over a 12-count indictment from 2022 that charged him with hacking telecom giant T-Mobile the year prior (see: Canadian Cops Bust Suspected Hacker Tied to Snowflake Hits). Google Cloud's Mandiant incident response team began assisting Snowflake in June with investigating a campaign by the financially motivated group Mandiant tracks as UNC5537. The group did not exploit a vulnerability in Snowflake itself: it logged in with previously stolen customer credentials, many harvested by infostealer malware, against accounts that lacked multi-factor authentication, and stole data from approximately 165 customers, affecting millions of individuals.

The indictment charges Moucka and Binns with stealing "approximately 50 billion customer call and text records" and successfully extorting "at least 36 bitcoin" - worth approximately $2.5 million at the time of payment. The alleged hackers generated revenue by "posting offers to sell victims' stolen data on cybercriminal forums for millions of dollars," the indictment reads.

Federal prosecutors say Moucka and Binns committed computer fraud and aggravated identity theft from November 2023 through October 2024, obtaining stolen access credentials to cloud computing services and downloading terabytes of private data, including text history records, banking and other financial information, Social Security numbers and other personally identifiable information.

"The co-conspirators gained unlawful access to billions of sensitive customer records," the indictment reads. Publicly identified victims from the Snowflake hack include Santander Bank, automotive parts supplier Advance Auto Parts, Live Nation Entertainment's Ticketmaster, Neiman Marcus, the Los Angeles Unified School District and Bausch Health.

Reports indicated the attackers behind the Snowflake hack began shaking down victims in June, demanding ransom and threatening to post sensitive data online (see: Victims of Snowflake Data Breach Receive Ransom Demands). Mandiant reported at the time that it had identified up to 10 Snowflake customers targeted by ransom demands ranging from $300,000 to $5 million.

The hackers demanded payments in cryptocurrency and "conducted complex cryptocurrency transfers in order to hide the source and destination of their funds," the indictment adds. Moucka and Binns allegedly used virtual asset service providers located across the globe, including in the United States, to carry out their transactions.


About the Author

Chris Riotta


Managing Editor, GovInfoSecurity

Riotta is a journalist based in Washington, D.C. He earned his master's degree from the Columbia University Graduate School of Journalism, where he served as 2021 class president. His reporting has appeared in NBC News, Nextgov/FCW, Newsweek Magazine, The Independent and more.


