Caught in the cloud: alleged AT&T hacker arrested in Canada

Canadian authorities have arrested Alexander "Connor" Moucka, following a US request for his arrest. He's suspected of being involved in hacks impacting numerous major customers of a company called Snowflake, used by AT&T to store the telco's data.

Moucka was taken into custody on October 30 under a provisional warrant. Details of the charges remain undisclosed, as the Canadian Department of Justice has labeled the extradition request as confidential.

Anonymous sources familiar with the case have linked Moucka to the Snowflake-related hacks. Neither Moucka nor his legal representatives were available for comment for Bloomberg, which reports the story, and both the FBI and US Justice Department declined to speak on the matter.

The hacks targeted companies including AT&T, Live Nation, and Advance Auto Parts in June and July, with the hacker or hackers attempting to extort these companies by threatening to sell stolen data on criminal forums. Cybersecurity analysts from Google report that stolen credentials, accessible on cybercriminal forums, were used to breach customer accounts that lacked multifactor authentication.

Earlier this year, an individual claiming responsibility for the hacks told Bloomberg via Telegram that they sought $20 million for the stolen data, though no evidence has emerged that the bulk data was sold. The attacks resulted in the theft of personal information belonging to millions of individuals.

What's the story?

Back in July 2024, AT&Tdisclosed that a major hack between May and October 2022 compromised customer call logs and phone numbers through a third-party cloud provider, Snowflake. This breach is separate from an April incident that affected 71 million users and involved older network data.

While the stolen data did not include sensitive details like names, addresses, or Social Security numbers, experts warn that call logs and numbers could still be matched with personal information using online tools, posing privacy concerns. This latest breach involves more recent records than the April incident, raising fresh concerns about potential misuse if sold on the Dark Web, where data from the previous breach allegedly ended up.

This got senators left and right asking questions about AT&T's actions.

US Senators Richard Blumenthal and Josh Hawley were pressing AT&T for answers on why it stored extensive call and text records on Snowflake, an "AI Data Cloud". In letters to AT&T’s CEO John Stankey and Snowflake, the senators questioned AT&T's reasons for retaining months of customer communication records and uploading this data to a third-party platform. They also requested details on AT&T’s data retention policies and use of Snowflake’s services.

AT& stated that cloud platforms like Snowflake enable crucial data analysis for network planning, efficiency, and customer service. AT&T added that its retention periods are based on business needs, legal obligations, and data type.

The breach, which cybersecurity firm Mandiant suggests could have been prevented, reportedly involved outdated passwords, firewall gaps, and a lack of multifactor authentication. In response, the senators demanded that AT&T explain how hackers accessed the Snowflake data and to fully disclose the breach’s impact on customer privacy.