A detailed cybersecurity investigation has revealed how a loosely organised group of teenage hackers carried out one of the largest data breach campaigns of the decade, impacting at least 160 major organisations and exposing sensitive data of millions of Americans.
The network, known as “The Com”, operates mainly through English-language online channels. It has been linked to the rebranded hacker group “Scattered Lapsus$ Hunters”, earlier known as “Shiny Hunters”, according to a Los Angeles-based cybersecurity firm that has tracked the group since 2017. The firm infiltrated the network using honeytrap techniques to uncover its structure and operations.
The probe focused on a major breach at Snowflake, a cloud data warehousing platform used by leading US companies. Affected organisations included AT&T, Ticketmaster/Live Nation, Santander Bank, LendingTree, Advance Auto Parts, Neiman Marcus, and Bausch Health. The stolen data included personal information, medical prescriber DEA numbers, digital tickets, and over 50 billion AT&T call records. Call and text metadata of nearly all US customers was exposed.
The breach led the US Department of Justice to ask AT&T to delay disclosure due to national security concerns. AT&T later paid a ransom of ₹3.15 crore ($370,000) to have the data deleted, according to reports.
Federal prosecutors have charged Connor Riley Moucka, 25, and John Erin Binns, 24, with conspiracy, computer fraud, extortion, wire fraud, and identity theft. Moucka was arrested in Canada in November 2024, while Binns was arrested in Turkey in May 2024 for a separate 2021 hacking case. Moucka’s trial is scheduled for October 19, 2026.
The investigation also involved Cameron John Wagenius, 20, a US Army soldier operating as “Kiberphant0m”. He was arrested in December 2024 for hacking 15 telecom firms while on duty. Court records show he leaked AT&T data linked to President Donald Trump and former Vice President Kamala Harris. His online searches raised serious counterintelligence concerns.
The FBI has warned against joining networks like “The Com”, which announces breaches via its Telegram channel “The Comm Leaks”. The network includes hacking groups, groups linked to real-world violence, and extortion units that often target minors.
Attackers gained access using stolen credentials for accounts that were not protected by multi-factor authentication. The firm used honeytraps to expose the actors. “The actors recently mentioned the alias of Binns when their malicious attempt was successfully identified by the honeytrap account we deployed,” it said.
The cybersecurity firm warned that Binns may still be active and called for stronger international cooperation and counterintelligence measures to tackle evolving cyber threats.



