{
	"id": "2fd7aa90-33ae-4152-b187-7596bbd1f700",
	"created_at": "2026-04-06T00:18:32.295689Z",
	"updated_at": "2026-04-10T03:21:19.200358Z",
	"deleted_at": null,
	"sha1_hash": "c66664fd1a8afe7538da3d8bb475e67ebf6a0e2a",
	"title": "US indicts Snowflake hackers who extorted $2.5 million from 3 victims",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 2651973,
	"plain_text": "US indicts Snowflake hackers who extorted $2.5 million from 3 victims\r\nBy Bill Toulas\r\nPublished: 2024-11-13 · Archived: 2026-04-05 20:35:53 UTC\r\nThe U.S. Department of Justice has unsealed the indictment against two suspected Snowflake hackers, who breached more\r\nthan 165 organizations using the services of the Snowflake cloud storage company.\r\nConnor Riley Moucka and John Erin Binns are accused of using credentials, obtained with the help of info-stealing\r\nmalware, to hijack Snowflake accounts that were not protected by multi-factor authentication\r\nMoucka and Binns exfiltrated terabytes of data from various companies and demanded ransom payments in exchange for\r\ndeleting the stolen information.\r\nhttps://www.bleepingcomputer.com/news/security/us-indicts-snowflake-hackers-who-extorted-25-million-from-3-victims/\r\nPage 1 of 4\n\n0:00\r\nhttps://www.bleepingcomputer.com/news/security/us-indicts-snowflake-hackers-who-extorted-25-million-from-3-victims/\r\nPage 2 of 4\n\nVisit Advertiser websiteGO TO PAGE\r\nAccording to the indictment, the two hackers stole \"approximately 50 billion customer call and text records\" from a \"major\r\ntelecommunications\" company in the U.S. \r\nOne company fitting the profile that suffered a major data breach in the same timeframe as described in the indictment is\r\nAT\u0026T.\r\nAT\u0026T disclosed in July that call logs of 109 million customers were exposed during the incident and that the data was\r\naccessed from an online database on the company's Snowflake account.\r\nAs per the indictment, Moucka and Binns received around mid-May a ransom payment from the telco provider in the form\r\nof cryptocurrency.\r\nThey tried to hide the source and destination of the funds through \"a complex series of cryptocurrency transactions,\" which\r\nincluded converting the payments into Monero cryptocurrency.\r\nWith some victims, the attackers engaged in double extortion, where they tried to get a new ransom payment from a\r\nbreached company that had already paid the initial demand.\r\nThe court document notes that the two hackers and their co-conspirators extorted three victims for at least 36 Bitcoins, or\r\n$2.5 million at transaction time.\r\nApart from AT\u0026T, data breaches linked to Snowflake attacks affected hundreds of millions of individuals, customers\r\nof Ticketmaster, Santander, Pure Storage, Advance Auto Parts, Los Angeles Unified, QuoteWizard/LendingTree,\r\nand Neiman Marcus.\r\nTo make a profit with the data stolen from victims that did not pay the ransom, the hackers advertised it to potential buyers\r\non multiple hacking forums.\r\nMoucka (aka “Waifu” and “Judische”) was arrested in late October 2024 in Canada at the request of the United States, who\r\nsuspected the man of having masterminded the data theft operation that impacted over 165 organizations.\r\nThe other hacker was arrested in Turkey this year in May and his name is John Erin Binns (aka “irdev” and “j_irdev1337”),\r\nwho in 2021 claimed the major attack on T-Mobile and mocked the company's security in interviews to the media.\r\nThe two now face multiple counts for various cybercrime charges, including wire fraud, securities fraud, conspiracy to\r\ncommit fraud, unauthorized access and breach of computer systems, data theft, and privacy violations.\r\nIf convicted, the two could face significant prison sentences, as the announced charges carry from 5 to up to 25 years of\r\nimprisonment each, and a total of 60 years.\r\nAdditionally, the two will have their assets and proceeds seized by the government, including bank accounts, vehicles, real\r\nestate, and any other valuables obtained as a result of the alleged offenses.\r\nhttps://www.bleepingcomputer.com/news/security/us-indicts-snowflake-hackers-who-extorted-25-million-from-3-victims/\r\nPage 3 of 4\n\nAutomated Pentesting Covers Only 1 of 6 Surfaces.\r\nAutomated pentesting proves the path exists. BAS proves whether your controls stop it. Most teams run one without the\r\nother.\r\nThis whitepaper maps six validation surfaces, shows where coverage ends, and provides practitioners with three diagnostic\r\nquestions for any tool evaluation.\r\nSource: https://www.bleepingcomputer.com/news/security/us-indicts-snowflake-hackers-who-extorted-25-million-from-3-victims/\r\nhttps://www.bleepingcomputer.com/news/security/us-indicts-snowflake-hackers-who-extorted-25-million-from-3-victims/\r\nPage 4 of 4",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://www.bleepingcomputer.com/news/security/us-indicts-snowflake-hackers-who-extorted-25-million-from-3-victims/"
	],
	"report_names": [
		"us-indicts-snowflake-hackers-who-extorted-25-million-from-3-victims"
	],
	"threat_actors": [],
	"ts_created_at": 1775434712,
	"ts_updated_at": 1775791279,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/c66664fd1a8afe7538da3d8bb475e67ebf6a0e2a.pdf",
		"text": "https://archive.orkl.eu/c66664fd1a8afe7538da3d8bb475e67ebf6a0e2a.txt",
		"img": "https://archive.orkl.eu/c66664fd1a8afe7538da3d8bb475e67ebf6a0e2a.jpg"
	}
}