We now know the identities of the hackers behind the massive AT&T data breach – and we now know exactly how much data was stolen, too.
According to new documents, the U.S. has indicted two individuals, Connor Moucka and John Binns, for hacking the third-party cloud data storage and analytics company Snowflake. The Snowflake hack led to data breaches at numerous companies using the platform, such as AT&T, Ticketmaster, and more than 150 other corporations.
As TechCrunch pointed out in its report, while the victims are not mentioned by name in the indictment, the descriptions of the victims are quite clear in some cases. For example, AT&T is referred to as Victim-2, which is described as a "major telecommunications company located in the United States." The indictment states that the data breach occurred on April 14, aligning with AT&T’s original statement that it became aware of the breach on April 19.
New details of the data breach
New details have emerged about the Snowflake hack that led to the data breach, revealing information that was previously unknown.
For example, while AT&T originally said it would notify around 110 million customers who were affected by the data breach, it was unclear just how much data had been stolen. According to the indictment, Moucka and Binns extracted around 50 billion phone call and text message records, including dialed numbers.
While the content of those calls and texts wasn't stolen, the records alone were apparently enough to extort affected customers. The two hackers extorted at least three victims, obtaining a total of 36 Bitcoin. The indictment says that the Bitcoin amount was worth $2.5 million at the time.
Furthermore, as previously reported, the hackers were able to get AT&T itself to pay $370,000 in exchange for deleting the data they stole.
Both Moucka and Binns have been arrested and are currently being held in custody.