Canadian Hacker Arrested for Hacking ‘Nearly All’ AT&T Accounts

According to Bloomberg, Canadian Alexander Moucka accessed Snowflake customer accounts using stolen credentials obtained from online forums.
Cyberattack Suspect Detained
A suspect believed to be behind a series of cyberattacks targeting companies has been arrested in Canada, reports Bloomberg. Alexander “Connor” Moucka, 26, was detained on October 30 following a provisional arrest warrant issued at the request of the United States.
Targeted Companies
The cyberattacks impacted over 100 organizations, including AT&T and Ticketmaster, leading to the theft of personal data from millions of users. Other targeted companies include LendingTree, Advance Auto Parts, and Neiman Marcus. AT&T declined to comment on the matter, while Live Nation did not respond to inquiries.
Suspect’s Modus Operandi
According to Krebs on Security, Moucka acquired stolen credentials from cybercriminal forums, betting that customers reused the same credentials elsewhere. He then used these credentials to log in to the Snowflake accounts of corporate clients and extorted those companies, threatening to sell their data on criminal forums unless they paid. AT&T reportedly paid a $370,000 ransom to the hacker to delete the stolen data.
Snowflake’s Responsibility
Snowflake, a cloud data partner of AT&T, blamed its corporate clients for not implementing two-factor authentication. Brad Jones, Snowflake’s chief information security officer, told Bloomberg, “We face a broader challenge in the security community and businesses: many are not adhering to the basics.” However, Snowflake’s apparent lack of a two-factor security requirement is equally problematic, especially since the information of millions of clients was at stake.
The AT&T Hack
Last July, AT&T disclosed that “almost all” its customers were affected by the hack, suggesting that data of nearly all its subscribers had potentially been accessed by a cloud partner. In total, an estimated 110 million AT&T customers were impacted. AT&T confirmed that the breach did not include the content of calls or texts. It did include the phone numbers each account had interacted with, a tally of calls and texts, and call durations, as well as cell site identification numbers, which could allow a user's location to be triangulated, according to cybersecurity expert Javvad Malik.