AT&T Hacker Arrested: How the Cybersecurity Landscape Evolved Post-Snowflake Breach

cybersecurity, data protection, AI

Over 160 of the world’s largest enterprises had their data stolen this year. All by the same attack strategy.

Each of the businesses, ranging from AT&T and Santander Bank to Advance Auto Parts and Ticketmaster parent company LiveNation, had uploaded massive volumes of sensitive customer data to accounts hosted by cloud data service Snowflake but protected those accounts with little more than a username and password, failing to take further steps like requiring multi-factor authentication (MFA).

That might as well have been a bullseye for scammers.

After acquiring stolen Snowflake account credentials through criminal channels on Telegram and dark web forums (credentials that, according to Mandiant's later investigation, had largely been harvested by infostealer malware, in some cases years earlier), the attackers raided the data storage repositories. They then used the theft of millions of people's personal data to extort the companies, demanding ransom payments ranging from $300,000 to $5 million in exchange for promises not to sell or abuse the data.

But the story has a happy ending. On Monday (Nov. 4), a report broke that a 26-year-old man from Ontario, Alexander Moucka (a.k.a. Connor Riley Moucka), had been arrested by Canadian authorities on a provisional arrest warrant from the United States. While the specific charges on which Moucka is being indicted remain confidential, the report identifies him as the suspect behind the far-reaching Snowflake data breach.

That same day, Google Cloud announced that it plans to make MFA mandatory for 100% of its cloud customers by the end of 2025, with Phase 1 of the rollout already under way. Around 70% of Google Cloud customers already use MFA to secure their federated accounts.

Still, during the months in which the Snowflake breaches were occurring, at least 30% of Google Cloud's customers were in the same vulnerable position as the Snowflake victims: accounts protected by a password alone. That gap underscores that, while advances are continually being made, the enterprise cybersecurity landscape still has room to do more when it comes to securing sensitive, and valuable, information.

Read more: Almost All of AT&T’s Wireless Customers Hacked as Snowflake Breach Snowballs

What’s in MFA, Anyway?

As businesses across sectors increasingly migrate sensitive operations to the cloud, MFA has emerged as a non-negotiable defense against unauthorized access. It adds a barrier beyond the password, so that the stolen or reused credentials attackers routinely obtain are not, on their own, enough to log in.

American cybersecurity firm and Google subsidiary Mandiant investigated the Snowflake attack and reported that the threat campaign resulted in “numerous successful compromises” because of poor security practices on impacted accounts: no MFA, long-lived credentials that had not been rotated after they were stolen, and no network allow-lists restricting where logins could come from.

While the compromised accounts in this campaign were all hosted on Snowflake's platform (Snowflake's own systems were not found to have been breached), the same lack of MFA protection affected a much broader swath of the enterprise cloud landscape.

As PYMNTS wrote Friday (Nov. 1), with MFA, even if a hacker manages to obtain a password, they would still need the additional authentication factor to gain access to the account. MFA requires users to confirm their identity with factors drawn from at least two different categories: something they know (such as a password), something they have (like a smartphone or security token) and something they are (such as a fingerprint or facial recognition).

An absence of MFA essentially weakens an organization’s defenses, increasing the potential for breaches that can lead to financial and reputational damage.

Read also: Firms Look to Mitigate Consequences From Data Breaches

The Industry’s Response and Ongoing Challenges

While many enterprises understand the importance of MFA, some are reluctant to adopt these cybersecurity controls due to usability concerns, increased friction in user experience, or perceived costs.

This highlights a dual challenge in cybersecurity: Educating clients about the necessity of security measures while implementing safeguards that do not hinder productivity or user accessibility. Technology companies find themselves balancing the need for airtight security with the need to maintain streamlined access for legitimate users.

“What you want is a system that is designed to let in good actors as easily as possible, and that presents enough of a barrier to deter bad actors,” Siddharth Vijayakrishnan, SVP of product and financial intelligence at FIS, told PYMNTS.

Today’s threat actors are sophisticated, leveraging artificial intelligence (AI), social engineering and automation to exploit system weaknesses at unprecedented speeds. While MFA can prevent many common breaches, it is not a cure-all; organizations must adopt a multi-layered approach that includes identity and access management (IAM), endpoint protection, network monitoring and behavioral analytics to catch abnormal activity before it escalates.

“The barrier for entry has never been lower for threat actors,” Sunil Mallik, chief information security officer at Discover Global Network, told PYMNTS.

In separate interviews for the “What’s Next in Payments” series, executives also told PYMNTS that a multilayered security strategy, also known as defense in depth, is crucial for reducing risks at various levels. This approach means implementing multiple defensive measures across the enterprise network.
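As an added example of the layered monitoring the two preceding passages describe (added here, not code from the original article or from Snowflake or Mandiant), the script below triages a batch of login events against three of the controls Mandiant found missing in the Snowflake campaign: a second factor, a network allow-list, and a per-user baseline of known source IPs. The event records, IP ranges and user names are constructed; their field layout is loosely modeled on the columns a cloud data platform's login-history audit view typically exposes, and is an assumption, not a captured feed. A separate pass correlates one outside IP touching several accounts, which is the credential-stuffing pattern that password-only accounts invite.

```python
import ipaddress
from collections import defaultdict
from typing import Dict, List, Optional, Sequence, Set, Tuple

# (event_timestamp, user_name, client_ip, first_factor, second_factor, is_success)
LoginEvent = Tuple[str, str, str, str, Optional[str], bool]

# Constructed corporate ranges and per-user "known good" source IPs.
ALLOWED_CIDRS = ["10.20.0.0/16", "203.0.113.0/24"]
BASELINE_IPS: Dict[str, Set[str]] = {"ETL_SVC": {"10.20.30.41"}, "ANALYST1": {"203.0.113.7"}}

# Constructed sample events (not real log data).
SAMPLE_LOGINS: List[LoginEvent] = [
    ("2024-05-20T09:02:11", "ETL_SVC",  "10.20.30.41",   "PASSWORD", None,       True),   # password-only, but inside the corporate range
    ("2024-05-20T09:05:40", "ANALYST1", "203.0.113.7",   "PASSWORD", "DUO_PUSH", True),   # MFA, inside range: clean
    ("2024-05-20T22:14:03", "ANALYST1", "198.51.100.23", "PASSWORD", None,       True),   # password-only, outside range, unseen IP
    ("2024-05-20T22:14:09", "ETL_SVC",  "198.51.100.23", "PASSWORD", None,       True),   # same outside IP hits a second account
    ("2024-05-20T22:16:55", "ADMIN",    "198.51.100.23", "PASSWORD", None,       False),  # failed attempt from the same IP
]


def in_allowlist(ip: str, cidrs: Sequence[str]) -> bool:
    """True if the client IP falls inside any allow-listed network."""
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(c) for c in cidrs)


def score_logins(events: Sequence[LoginEvent], cidrs: Sequence[str],
                 baseline: Dict[str, Set[str]]) -> List[dict]:
    """Flag successful logins that bypassed one or more layers.

    Each missing layer adds to a score; an outside-allow-list source weighs most,
    because it is the one signal the attacker cannot supply with a stolen password."""
    findings = []
    for ts, user, ip, first, second, ok in events:
        if not ok:
            continue  # failures are handled by the correlation pass below
        reasons, score = [], 0
        if first == "PASSWORD" and second is None:
            reasons.append("password-only login (no second factor)")
            score += 1
        if not in_allowlist(ip, cidrs):
            reasons.append("source IP outside network allow-list")
            score += 2
        if ip not in baseline.get(user, set()):
            reasons.append("IP never seen before for this user")
            score += 1
        if score == 0:
            continue
        findings.append({
            "time": ts, "user": user, "ip": ip,
            "severity": "high" if score >= 3 else "medium",
            "reasons": reasons,
        })
    return findings


def multi_account_ips(events: Sequence[LoginEvent], cidrs: Sequence[str],
                      min_users: int = 2) -> Dict[str, List[str]]:
    """Outside-allow-list IPs that touched several accounts (successes and failures alike)."""
    seen: Dict[str, Set[str]] = defaultdict(set)
    for _, user, ip, _, _, _ in events:
        if not in_allowlist(ip, cidrs):
            seen[ip].add(user)
    return {ip: sorted(users) for ip, users in seen.items() if len(users) >= min_users}


if __name__ == "__main__":
    for f in score_logins(SAMPLE_LOGINS, ALLOWED_CIDRS, BASELINE_IPS):
        print(f"[{f['severity']:6}] {f['time']} {f['user']:9} {f['ip']:15} " + "; ".join(f["reasons"]))
    for ip, users in multi_account_ips(SAMPLE_LOGINS, ALLOWED_CIDRS).items():
        print(f"[spray ] {ip} touched {len(users)} accounts: {', '.join(users)}")
```

Run against the sample, the service account's password-only login from inside the corporate range surfaces as medium (worth fixing, not an incident), while the two late-evening password-only logins from an unknown outside address surface as high, and the correlation pass ties that address to three accounts. The ordering matters for a real deployment: the allow-list and MFA enforcement are the preventive layers, and this kind of query is the detective layer that tells you where they are not yet switched on.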

By embedding security into the DNA of their services, providers can help shield businesses from both known and emerging threats.