Charges Unsealed for Alleged Hackers of Snowflake Customers

50 billion call and text records were stolen from one victim, U.S. says.

Bloomberg News

November 12, 2024

2 Min Read
logo for snowflake on a laptop screen
Bloomberg

(Bloomberg) -- Charges were unsealed for two men suspected of carrying out cyberattacks against customers of Snowflake Inc., providing new details about the breaches.

Connor Riley Moucka, who lives in Canada, and John Erin Binns, who lives in Turkey, were indicted last month for their alleged roles in hacking into the computer networks of at least 10 organizations, stealing sensitive data, threatening to leak it unless the victims paid a ransom and offering it for sale to other criminals, according to prosecutors.

The cybercrimes took place between November 2023 and October 2024, and the attackers — who include Moucka, Binns and unnamed co-conspirators — accessed billions of call and text history records, banking and financial information, payroll data, Drug Enforcement Agency registration numbers, passport numbers, Social Security records and other personal information. They allegedly extorted $2.5 million worth of Bitcoin from three of their victims.

While the US doesn’t identify Snowflake or its customers who were attacked, the indictment description of “Victim-1” resembles the software company. The indictment describes Victim-1 as a US-based software-as-a-service provider that lets customers upload and store data in online storage environments. 

Related:Multifactor Authentication Is Not Enough to Protect Cloud Data

Attorneys for Moucka and Binns couldn’t be reached for comment.

A representative for Snowflake declined to comment. The charges were unsealed on Friday, according to a person familiar with the case.

One of the other victims was a large US-based telecommunications company. The US accuses Moucka and Binns of accessing “approximately 50 billion customer call and test records, including dialed numbers, for commercial advantage.” A major retailer, an entertainment company and a health-care provider are also listed as victims, along with a company in Europe that had personnel in the US, according to the indictment. 

Companies including AT&T Inc., Live Nation Entertainment Inc. and Advance Auto Parts Inc. have previously disclosed that they’d been affected by the attacks in June and July.

The hackers used software they described as “rapeflake” to access the cloud-computing environment of their victims, according to prosecutors.

Bloomberg first reported the Oct. 30 arrest of Moucka in Kitchener, Ontario, after three people familiar with the case confirmed he was lined to the attacks.

About the Author

Bloomberg News

The latest technology news from Bloomberg.

Sign up for the ITPro Today newsletter
Stay on top of the IT universe with commentary, news analysis, how-to's, and tips delivered to your inbox daily.

You May Also Like