Canadian Hacker Arrested for Major Data Breaches Targeting Snowflake Clients, Including AT&T and Ticketmaster

November 5, 2024
  • In late October 2024, Canadian hacker Alexander Moucka, also known as Connor Moucka, was arrested for allegedly leading a group responsible for significant data breaches targeting Snowflake customers.

  • The breaches affected numerous high-profile organizations, including Ticketmaster, Santander Bank, Anheuser-Busch, and AT&T, among others.

  • Snowflake disclosed the data breach in June 2024, revealing that the financially motivated group UNC5537 had targeted approximately 165 organizations using stolen credentials.

  • An investigation by Mandiant, a cybersecurity firm, determined that the attackers accessed accounts using previously compromised credentials from information-stealer infections.

  • Snowflake's Chief Information Security Officer criticized affected companies for failing to implement basic security measures, such as multi-factor authentication, which could have mitigated the breaches.

  • The cyberattacks resulted in the theft of 170,000 concert tickets for Taylor Swift performances from Ticketmaster, which the hackers distributed.

  • AT&T confirmed a significant breach in July 2024, in which the personal data of approximately 110 million customers was compromised, leading the company to pay $370,000 to have the stolen data deleted.

  • Moucka reportedly exploited reused passwords and accessed stolen credentials from cybercriminal forums to log into corporate accounts and extort companies.

  • Evidence suggests that Moucka was involved in harmful online communities that targeted minors and engaged in various forms of online harassment and extortion.

  • Despite attempts to mislead investigators, security researcher Allison Nixon noted that Moucka's operational security mistakes may have contributed to his identification by law enforcement.

  • Moucka's potential extradition to the United States remains unconfirmed, as he faces multiple sealed indictments from US prosecutors.

  • The arrest followed months of investigation by cybersecurity researchers and coordination with international law enforcement agencies.

Summary based on 17 sources

