November 5, 2024 at 10:22AM
Canadian authorities arrested Alexander “Connor” Moucka for allegedly stealing the data of hundreds of millions of people by targeting over 165 organizations with customer credentials stolen by malware. The attack, which affected major companies, highlights the risk of accounts without multi-factor authentication at Snowflake, which has since implemented stricter security measures. Moucka awaits an extradition hearing.
**Meeting Takeaways:**
1. **Arrest of Suspect:**
– Alexander “Connor” Moucka has been arrested in Canada for allegedly stealing data from hundreds of millions of individuals by targeting over 165 organizations that use Snowflake's cloud storage services.
– The arrest was made at the request of the United States, and a provisional arrest warrant was issued on October 30, 2024.
2. **Court Appearance:**
– Moucka appeared in court and his case has been adjourned to November 5, 2024. Further details regarding his extradition are confidential and cannot be publicly discussed.
3. **Investigation Findings:**
– A joint investigation by Snowflake, Mandiant, and CrowdStrike revealed that the attacker used customer credentials that had been stolen by infostealer malware. The targeted organizations did not have multi-factor authentication (MFA) configured on their accounts.
– This breach affected a subset of Snowflake’s customer base, specifically 165 organizations among a total of 9,400 customers.
4. **Impact on Major Companies:**
– High-profile companies impacted include Mastercard, Micron, NBC Universal, Capital One, and others, with the breaches affecting hundreds of millions of customers across various sectors.
5. **Specific Breach Incidents:**
– Ticketmaster confirmed a data theft incident affecting 560 million customers linked to its Snowflake account.
– AT&T reported a massive data breach involving the call logs of approximately 109 million mobile customers due to unauthorized access to its Snowflake account between April 14 and April 25, 2024.
6. **Snowflake Security Measures:**
– In response to these incidents, Snowflake has started enforcing MFA for all accounts created from October 2024 onwards and has raised the minimum password length to 14 characters.