Charges Unsealed for Alleged Hackers of Snowflake Customers

In This Article:

(Bloomberg) -- Charges were unsealed for two men suspected of carrying out cyberattacks against customers of Snowflake Inc., providing new details about the breaches.

Most Read from Bloomberg

Connor Riley Moucka, who lives in Canada, and John Erin Binns, who lives in Turkey, were indicted last month for their alleged roles in hacking into the computer networks of at least 10 organizations, stealing sensitive data, threatening to leak it unless the victims paid a ransom and offering it for sale to other criminals, according to prosecutors.

The cybercrimes took place between November 2023 and October 2024, and the attackers — who include Moucka, Binns and unnamed co-conspirators — accessed billions of call and text history records, banking and financial information, payroll data, Drug Enforcement Agency registration numbers, passport numbers, Social Security records and other personal information. They allegedly extorted $2.5 million worth of Bitcoin from three of their victims.

While the US doesn’t identify Snowflake or its customers who were attacked, the indictment description of “Victim-1” resembles the software company. The indictment describes Victim-1 as a US-based software-as-a-service provider that lets customers upload and store data in online storage environments.

Attorneys for Moucka and Binns couldn’t be reached for comment.

A representative for Snowflake declined to comment. The charges were unsealed on Friday, according to a person familiar with the case.

One of the other victims was a large US-based telecommunications company. The US accuses Moucka and Binns of accessing “approximately 50 billion customer call and test records, including dialed numbers, for commercial advantage.” A major retailer, an entertainment company and a health-care provider are also listed as victims, along with a company in Europe that had personnel in the US, according to the indictment.

Companies including AT&T Inc., Live Nation Entertainment Inc. and Advance Auto Parts Inc. have previously disclosed that they’d been affected by the attacks in June and July.

The hackers used software they described as “rapeflake” to access the cloud-computing environment of their victims, according to prosecutors.

Bloomberg first reported the Oct. 30 arrest of Moucka in Kitchener, Ontario, after three people familiar with the case confirmed he was linked to the attacks.