Snowflake Hackers Indicted After Wreaking Havoc for Ticketmaster

Snowflake Hackers Indicted After Wreaking Havoc for Ticketmaster

Photo Credit: Kasia Derenda

Two individuals have been indicted for the Snowflake hack which impacted 165 corporations—including Ticketmaster. Connor Moucka and John Binns are named in the indictment, although the companies are not explicitly mentioned.

Both men were indicted within the Western District of Washington for devising and executing “international computer hacking and wire fraud schemes” to hack into at least 10 victim organizations' protected computer networks, stealing sensitive information, and threatening to leak stolen data unless paid a ransom. The duo also offered the sale of information online.

“Through this scheme, the co-conspirators gained unlawful access to billions of sensitive customer records, including individuals' non-content call and text history records, banking, and other financial information, payroll records, DEA registration numbers, driver's license numbers, passport numbers, Social Security numbers, and other personally identifiable information (PII),” the indictment states.

While the corporations are not explicitly named in the indictment, it is easy to figure out who was affected. Victim-2 is listed as a major telecommunications company (AT&T), while Victim-4 is listed as a major entertainment company located in the United States (Ticketmaster).

The indictment says the pair started their criminal activity in or around November 2023 and continued through at least October 10, 2024. “It was the goal of the conspiracy for Mouka, Binns, and others to enrich themselves by accessing computers without authorization; stealing sensitive PII, financial, and other valuable information from those computers; and threatening to leak the stolen data unless the victims paid ransoms; and offered to sell stolen data online to other criminals.”

“Around April 14, 2024 to May 18, 2024, Moucka and Binns accessed [Ticketmaster’s] cloud computing instance without authorization. The duo searched within [Ticketmaster’s] cloud computing instance to obtain information without authorization. On May 27, 2024, an unidentified co-conspirator posted on a cybercriminal forum an offer to sell stolen data associated with hundreds of millions of [Ticketmaster] customers. The same day, the co-conspirators posted sample data, which included customer account numbers and residential address information.”

“Around May 24, 2024 through July 5, 2024, acting through an intermediary, the co-conspirators attempted to extort [Ticketmaster] to pay a ransom to prevent further publication of [Ticketmaster’s] stolen data online. On or about September 27, 2024, the co-conspirators caused stolen PII belonging to [Ticketmaster’s] customers, to be transferred to computers located in the western district of Washington.”

Connor Moucka was arrested in October 2024 in Canada at the request of the United States. John Binns was based in Turkey during the attacks. The two now face multiple counts for various cybercrime charges including wire fraud, securities fraud, conspiracy to commit fraud, unauthorized access and breach of computer systems, data theft, and privacy violations. The announced charges carry a penalty of 5 to 25 years of imprisonment each—adding up to more than 60 years if convicted.