The U.S. government has accused Connor Moucka and John Binns of being the hackers who broke into AT&T's systems and stole records of approximately 50 billion customer calls and text messages.
AT&T said in July that hackers stole the call and text message records of “nearly all” of its cellphone and landline customers, including who called and texted whom, but not the content of the messages. At the time, AT&T notified about 110 million AT&T customers of the breach, saying records were stolen from systems hosted on Snowflake, which provides cloud services for data analysis.
The total number of AT&T customer records stolen was unknown until the Justice Department indicted two hackers on Sunday.
The document does not mention AT&T. Instead, it refers to “Victim-2” and describes it as a “major telecommunications company located in the United States” that was compromised on or about April 14th. When AT&T previously confirmed it had been breached, the company said it learned about the hack on April 19. This means that both the description of what kind of company Victim-2 is and the date of its breach are consistent with what AT&T has announced publicly, meaning that we are almost certain that Victim-2 is indeed AT&T.
AT&T and the Department of Justice did not initially respond to requests for comment.
In all, according to the indictment, Moucka and Binns accessed “billions of confidential customer records” and succeeded in extorting at least 36 bitcoins (approximately $2.5 million) from at least three victims over nearly a year, from around November 2023 to October 10 of this year.
Prosecutors said Moucka, who lived in Canada, was also known online as “Jew,” “Catist,” “Waif,” and “Kriel,” while Binns, who lived in Turkey, was known as “irdev” and “j_irdev1337.” Moucka was arrested in Canada last week. According to 404 Media, Binns was previously arrested in Turkey.
In August, Binns took credit for the AT&T breach in the Wall Street Journal. Moucka, who goes by the nickname “Judith,” told 404 Media that he would be arrested soon.
AT&T is just one of several victims who had sensitive data stolen from Snowflake instances. Over the past few months, hackers have also breached Santander Bank, Ticketmaster, and about 165 other customer companies. All of these companies use Snowflake.
Prosecutors allege that by infiltrating the victim companies' Snowflake instances, the hackers stole large amounts of sensitive personal and corporate data, including Social Security numbers, driver's license numbers, passport numbers, and banking information. These Snowflake-related breaches are part of one of the worst cyberattacks of the year. In some cases, the hackers demanded a ransom from the victims by threatening to divulge the stolen information, and then continued to blackmail them.
Wired previously reported that AT&T paid hackers $370,000 to have stolen records deleted. Prosecutors said in the indictment that Victim-2 paid the hackers a ransom.