A hacker suspected of involvement in a series of massive Snowflake-related hacks has been arrested in Canada, according to local authorities.
Ian McLeod, a spokesperson for the Canadian Department of Justice, told TechCrunch in an email that, “following a request by the United States, Alexander Moucka (a.k.a. Connor Moucka) was arrested on a provisional arrest warrant on Wednesday October 30, 2024.”
For months, hackers stole internal data from dozens of companies, including AT&T, Ticketmaster, Advance Auto Parts, and around 165 other corporate customers who use Snowflake, a company that provides cloud services and data analysis to other companies. The hackers stole huge amounts of often personally identifiable and sensitive corporate data that companies stored in Snowflake, in part by using passwords stolen from employee computers with malware. Because Snowflake did not require its customers to use multi-factor authentication on their accounts, the hackers were able to break in and steal large volumes of data using just the employee passwords.
The hacker, who used the monikers Waifu and Judische, told 404 Media last month that they were expecting to be arrested soon. 404 Media reported Moucka’s arrest on Monday.
“I’ve destroyed a lot of evidence and well poisoned the stuff I can’t destroy so when/if it does happen it’s just conspiracy which I can bond out and beat,” Judische, the hacker who claimed the Snowflake hacks, told the independent news website last month.
McLeod said that Moucka appeared in court on October 30 and “his case was adjourned to Tuesday November 5, 2024.” McLeod declined to comment on a potential extradition to the United States.
Google spokesperson Mark Karayan said Moucka was the hacker responsible for the Snowflake breaches.
“With his co-conspirator, John Binns, having been arrested by Turkish authorities earlier this year as well, this means that both threat actors responsible for this campaign are now finally in custody,” Karayan said, referring to the arrest of the 21-year-old American hacker who told The Wall Street Journal that he was behind the AT&T hack.
Austin Larsen, a senior threat analyst at Google’s cybersecurity firm Mandiant, who has been investigating the Snowflake hacks, said that “Alexander ‘Connor’ Moucka has proven to be one of the most consequential threat actors of 2024.”
“This arrest serves as a deterrent to cybercriminals and reinforces that their actions have serious consequences,” said Larsen.
The U.S. Department of Justice did not respond to a request for comment.
This story has been updated to include statements from Google.