Snowflake hacker arrested over data breach and extortion

2 weeks ago

Canadian man arrested successful relationship pinch Snowflake information breach
The breach affected hundreds of millions of customers
This was apt a 'credential stuffing' attack

Canadian authorities person confirmed that an apprehension has been made successful relationship to nan significant breach of Snowflake earlier successful 2024.

Alexander ‘Connor’ Moucka (aka Waifu and Judische) was taken into custody connected October 30 pursuing a petition by US rule enforcement, and is now owed to look successful court. The nonstop quality of nan charges are unknown, arsenic extradition requests are considered confidential state-to-state communications, truthful some nations declined to comment.

Security patient Mandiant precocious confirmed it was still monitoring ‘Judische’, who was still actively targeting software-as-a-service (Saas) organizations up until very recently. The group down nan original onslaught is said to beryllium chiefly from North America, pinch 1 personnel besides successful Turkey.

Extortion and information theft

Around 165 organizations had their delicate information stolen successful nan attack, which utilized brute unit strategies connected nan unreality retention supplier to breach a bid of organizations and extort arsenic overmuch arsenic $3 cardinal from them successful total.

Snowflake claimed nan breach was a consequence of a credential stuffing onslaught and did not originate wrong its infrastructure. This suggests nan attackers purchased login combinations (usually connected nan acheronian web) and fundamentally conscionable tried countless logins until they recovered 1 that worked.

The attacks affected millions of people’s data, and breached companies including nan likes of AT&T, Santander, and Live Nation Entertainment (Ticketmaster). Ticketmaster unsocial reported nan loss of 500 cardinal people’s data, making this 1 of nan biggest information breaches successful history.

Telecoms elephantine AT&T reportedly paid $370,000 for a personnel of nan hacking squad earlier successful 2024 to supply grounds that they had deleted nan stolen telephone records for tens of millions of customers.

Sign up to nan TechRadar Pro newsletter to get each nan apical news, opinion, features and guidance your business needs to succeed!

Via Bloomberg