2024 Snowflake Inc data breach

From Wikipedia, the free encyclopedia

In 2024, two hackers affiliated with the hacking group UNC5537, also known as Scattered Spider, successfully accessed and stole information from Snowflake customer cloud instances.[1][2]

The hackers used login credentials harvested by infostealer malware to access huge volumes of sensitive customer data uploaded to Snowflake accounts. These accounts were accessed using only a username and password, with no form of multi-factor authentication required.[3] Data on more than 160 Snowflake customers was stolen, including AT&T, LiveNation / TicketMaster, Santander, Lending Tree, Advance Auto Parts, Neiman Marcus, and Bausch Health.[4][5]
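The defensive check that follows from this paragraph is to find accounts that are still authenticating with a password alone. The script below is an added example, not part of the Wikipedia article and not Snowflake's own tooling: it walks a constructed batch of login-history records whose fields are modelled on the columns of Snowflake's ACCOUNT_USAGE.LOGIN_HISTORY view (that column layout and the sample events are assumptions) and reports every successful password-only login, grouped by user and source address, so an administrator can see which accounts need MFA enforced or credentials rotated.

```python
"""Flag successful single-factor password logins in Snowflake-style login history.

Added example (not from the article or from Snowflake). The record shape is an
assumption modelled on the LOGIN_HISTORY view (USER_NAME, CLIENT_IP,
FIRST_AUTHENTICATION_FACTOR, SECOND_AUTHENTICATION_FACTOR, IS_SUCCESS);
the events themselves are constructed sample data.
"""
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional, Set


@dataclass(frozen=True)
class LoginEvent:
    timestamp: str
    user_name: str
    client_ip: str
    first_factor: str              # e.g. "PASSWORD", "RSA_KEYPAIR", "SAML2"
    second_factor: Optional[str]   # e.g. "DUO_PUSH"; None when no MFA was used
    is_success: bool


# Constructed sample records (assumption: field layout follows LOGIN_HISTORY).
SAMPLE_EVENTS: List[LoginEvent] = [
    LoginEvent("2024-04-14T02:11:09Z", "ETL_SVC", "198.51.100.7", "PASSWORD", None, True),
    LoginEvent("2024-04-14T02:12:40Z", "ETL_SVC", "198.51.100.7", "PASSWORD", None, True),
    LoginEvent("2024-04-14T09:30:00Z", "ALICE", "203.0.113.5", "PASSWORD", "DUO_PUSH", True),
    LoginEvent("2024-04-14T10:02:15Z", "BOB", "203.0.113.9", "SAML2", None, True),
    LoginEvent("2024-04-14T11:45:51Z", "ETL_SVC", "192.0.2.20", "PASSWORD", None, False),
]


def single_factor_password_logins(events: List[LoginEvent]) -> List[LoginEvent]:
    """Return successful logins that presented a password and no second factor.

    Federated logins (e.g. SAML2) carry no second factor in this view but are
    not password-only, so only first_factor == "PASSWORD" is flagged.
    """
    return [
        e for e in events
        if e.is_success and e.first_factor == "PASSWORD" and not e.second_factor
    ]


def users_without_mfa(events: List[LoginEvent]) -> Dict[str, Set[str]]:
    """Map each password-only user to the set of source IPs seen for them."""
    exposure: Dict[str, Set[str]] = defaultdict(set)
    for e in single_factor_password_logins(events):
        exposure[e.user_name].add(e.client_ip)
    return dict(exposure)


if __name__ == "__main__":
    for user, ips in sorted(users_without_mfa(SAMPLE_EVENTS).items()):
        print(f"{user}: password-only logins from {', '.join(sorted(ips))}")
```

Service accounts such as the constructed ETL_SVC are the usual finding: they are often exempted from MFA, which is exactly the profile an infostealer-harvested credential exploits, so the remediation is key-pair or federated authentication for them and enforced MFA for human users.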

A report on the extortion attacks from Mandiant notes that Snowflake victim companies were privately approached by the hackers, who demanded a ransom in exchange for a promise not to sell or leak the stolen data.[6] The data stolen from different organizations included personal information on American citizens, more than 50 billion call logs from AT&T,[7][2] medical prescriber DEA numbers, and private customer banking information.[8]

Group Members

The group consisted of two core members.

Waifu

Connor Riley Moucka, 25 (aliases: Waifu, Judische, Ellyel8). Moucka was arrested by Kitchener, Ontario, Canada, police (at the request of the U.S.) on October 30, 2024. A Washington state court has issued an indictment on charges of conspiracy, computer fraud and abuse, extortion, and aggravated identity theft.[8][9] Moucka is currently awaiting trial for extradition to the United States.[10]

IRDev

John Erin Binns (aliases: IRDev, IntelSecrets), 24, was arrested in Turkey in late May 2024 and currently resides in a Turkish prison.[11] Binns faces the threat of extradition to the United States, where he is wanted on criminal hacking charges tied to the 2021 T-Mobile data breach.[12]

References

  1. Novet, Jordan (2024-07-12). "AT&T's massive data breach deepens crisis for Snowflake seven weeks after hack was disclosed". CNBC. Retrieved 2024-12-24.
  2. Franceschi-Bicchierai, Lorenzo (2024-11-12). "Snowflake hackers identified and charged with stealing 50 billion AT&T records". TechCrunch. Retrieved 2024-12-24.
  3. Whittaker, Zack (2024-06-05). "Hundreds of Snowflake customer passwords found online are linked to info-stealing malware". TechCrunch. Retrieved 2024-12-24.
  4. Burgess, Matt. "The Snowflake Attack May Be Turning Into One of the Largest Data Breaches Ever". Wired. ISSN 1059-1028. Retrieved 2024-12-24.
  5. "Advance Auto Parts stolen data for sale after Snowflake attack". BleepingComputer. Retrieved 2024-12-24.
  6. "UNC5537 Targets Snowflake Customer Instances for Data Theft and Extortion". Google Cloud Blog. Retrieved 2024-12-24.
  7. Zetter, Kim. "AT&T Paid a Hacker $370,000 to Delete Stolen Phone Records". Wired. ISSN 1059-1028. Retrieved 2024-12-24.
  8. "Charges Unsealed Against Alleged Hackers of Snowflake Customers". Bloomberg.com. 2024-11-11. Retrieved 2024-12-24.
  9. McMillan, Robert; Monga, Vipal. "He Investigates the Internet's Most Vicious Hackers—From a Secret Location". WSJ. Retrieved 2024-12-24.
  10. "Snowflake-Indc". www.documentcloud.org. Retrieved 2024-12-25.
  11. "Snowflake Hacker Still Active, Finding New Victims, Expert Says". Bloomberg.com. 2024-09-20. Retrieved 2024-12-24.
  12. "Canadian Man Arrested in Snowflake Data Extortions". Krebs on Security. 2024-11-05. Retrieved 2024-12-24.