Hackers face federal charges in billion-record data breach

The US government has officially charged two hackers accused of stealing 50 billion customer records from AT&T and other major companies.

 

What happened

The United States has formally charged two hackers, Alexander Connor Moucka and John Binns, for their involvement in the data breaches targeting AT&T and other corporations, resulting in the theft of over 50 billion customer records. Moucka was detained in Canada just before Halloween, while Binns was apprehended by Turkish authorities earlier in May, months before AT&T revealed the extent of the hack. The U.S. Department of Justice filed an indictment naming both men as the orchestrators of these high-profile breaches.

 

Going deeper

The hackers employed multiple infostealer malware campaigns to infiltrate and compromise customer systems. Once inside, they accessed and extracted data from over a hundred corporate accounts on Snowflake’s cloud storage, breaching entities like Ticketmaster, AT&T, Santander Bank, and Advance Auto Parts. The Ticketmaster incident alone affected more than half a billion people.

The indictment refers to AT&T as ‘Victim-2,’ without explicitly naming the company. However, the breach timeline aligns with AT&T’s disclosure, suggesting that AT&T’s customer records were a primary target. Information accessed included sensitive data such as call logs, banking information, payroll records, Social Security numbers, and more. The hackers not only exfiltrated data but also extorted at least three victims for a total of 36 bitcoins, worth around $2.5 million at the time.

 

What was said

The indictment specifies that the hackers monetized the stolen data by posting it for sale on cybercriminal forums. Wired previously reported that AT&T had paid a hacker $370,000 to delete the stolen data, and the indictment confirms that ‘Victim-2’ did indeed pay a ransom. This suggests that some victims were compelled to engage with the attackers to limit the damage.

 

The big picture

A breach on this scale reveals how exposed data can be, bringing real costs for both companies and consumers. For organizations like AT&T, this is a wake-up call about the responsibility to protect customer information, especially as cybercriminals continue to target cloud storage. The case also sends a strong message: even across borders, hackers aren’t beyond reach, with global accountability becoming a priority for U.S. authorities.

 

FAQs

What is a data breach?

A data breach is an incident where sensitive, protected, or confidential data is accessed, disclosed, or stolen by unauthorized individuals. This can include personal information such as names, Social Security numbers, credit card details, and medical records. Data breaches can occur through various means, such as hacking, malware attacks, insider threats, or inadequate security measures.

 

What is an info stealer?

An info stealer is a type of malicious software designed to collect personal data, such as passwords, credit card numbers, and other sensitive information from a user's device. Once collected, this information can be used for fraud or sold on the dark web.

 

What is an indictment?

An indictment is a formal accusation made by a grand jury stating that there is enough evidence to charge someone with a crime. It’s the first step in formally starting a criminal case, though the person is presumed innocent until proven guilty in court.