Federal prosecutors have charged Connor Moucka and John Binns with hacking into AT&T systems and stealing about 50 billion customer call and text records. The records contained metadata showing who contacted whom, but not the actual content of the messages. AT&T said it will notify around 110 million customers about the breach.
The company stated that the data was stolen from its systems hosted on a cloud services provider that specializes in data analysis. The total number of stolen AT&T customer records was not known until the Department of Justice filed an indictment against Moucka and Binns on Sunday. The document does not name AT&T directly, but refers to “Victim-2,” a major U.S. telecom company that was breached around April 14.
AT&T had publicly confirmed the breach, which matches the dates in the indictment. This suggests that Victim-2 is indeed AT&T. According to prosecutors, Moucka and Binns accessed billions of sensitive customer records.
They successfully extorted at least three victims for a total of 36 bitcoin (about $2.5 million at the time) over nearly a year, from November 2023 to October 2024. Moucka, who lived in Canada, was known online by various aliases.
Charges filed for AT&T breach
Binns, based in Turkey, was known by his own set of fake names. Binns had been arrested in Turkey before. AT&T is one of several victims affected by breaches of their cloud instances.
In recent months, hackers have broken into multiple companies using this cloud services provider. They stole sensitive personal and corporate data, including social security numbers, driver’s license numbers, passport numbers, and banking information. These incidents are major breaches linked to the provider’s cloud services.
In some cases, the hackers demanded ransoms and threatened to release the stolen data. AT&T reportedly paid a hacker $370,000 in an attempt to get the stolen records deleted. The indictment shows that Victim-2 paid a ransom to the hackers.
Prosecutors are still investigating these breaches. The incidents highlight the growing risks in cloud-hosted data systems and the major threats posed by cybercriminals.