Suspected Snowflake hacker Alexander Moucka facing extradition to the United States over Ticketek data breach

Headshot of Kristin Shorten
Kristin Shorten
The Nightly
A man allegedly involved in a data hack that involved Ticketmaster customers is facing extradition to the US.
A man allegedly involved in a data hack that involved Ticketmaster customers is facing extradition to the US. Credit: AP

A man who bragged online about extorting some of the world’s largest corporations after allegedly committing this year’s most far-reaching data breach is now sitting in jail, facing extradition to the United States and applying for legal aid.

The Canadian Department of Justice confirmed that, following a request by the United States, Alexander “Connor” Moucka was arrested on a provisional arrest warrant last week.

“As extradition requests are considered confidential state-to-state communications, we cannot comment further on this case,” a DOJ spokesperson said.

Sign up to The Nightly's newsletters.

Get the first look at the digital newspaper, curated daily stories and breaking headlines delivered to your inbox.

Email Us
By continuing you agree to our Terms and Privacy Policy.

The charges against Mr Moucka have not been released but he is suspected of being responsible for a string of breaches involving a cloud services provider, Snowflake.

This hack was one of the biggest in history due to the scale of personal data stolen in the breaches.

KrebsOnSecurity is reporting that Mr Moucka is currently named in multiple indictments issued by U.S. prosecutors and federal law enforcement agencies however the details all remain under seal.

Snowflake is a data warehousing tool where companies store massive amounts of information.

Over a number of months, more than 165 Snowflake customers — including AT&T, Santander bank, Ticketmaster owner Live Nation Entertainment, Ticketek owner TEG, Lending Tree, Advance Auto Parts and Neiman Marcus – had their data exposed or stolen.

As a part of the Snowflake hacking spree, Mr Moucka is suspected to have stolen the personal information of millions of Australians who held accounts with Ticketmaster and Ticketek.

After stealing the data, Mr Moucka — who used online handles including Judische and Waifu — allegedly tried to extort the companies he had breached.

They were threatened that if ransoms were not paid, the stolen personal data would be posted online.

Some companies, such as AT&T, paid hackers to delete their stolen records.

There are reports Mr Moucka succeeded in extorting millions.

Since then a months-long international investigation involving cybersecurity researchers and international law enforcement, including the Australian Federal Police, identified Moucka as the suspected Snowflake hacker and traced him to Kitchener, Ontario, where he was arrested on October 30.

Troy Hunt, founder and CEO of Have I Been Pwned, said the Ticketek breach revealed 17 million email address.

“It’s one of the largest breaches we’ve had in Australia,” he said.

“The arrest doesn’t really change anything in that the data is already out there and we can never get it back.

“Having said that, it’s nice to see justice being done.

“As Aussies, we should all be happy that cyber criminals get arrested.”

There are believed to be other members of Moucka’s cybercriminal gang who remain at large.

On Wednesday Mr Moucka faced an extradition hearing in Ontario’s Superior Court of Justice.

The 26-year-old software engineer appeared remotely via an audio link from prison.

Moucka told the court he did not yet have a lawyer but “I’ll get one soon I think”, according to 404 Media.

The court then heard Moucka would have to apply for legal aid.

The AFP said it was “aware of this matter” but “has no comment”.

Latest Edition

The Nightly cover for 23-12-2024

Latest Edition

Edition Edition 23 December 202423 December 2024

From Grammar to gulag: Oscar Jenkins, a cricket loving university lecturer just became a Russian prisoner of war.