Advance Auto Parts recently confirmed that it has suffered a significant data breach. A threat actor, using the alias Sp1d3r, has stolen 3TB of sensitive data from the company’s Snowflake cloud storage account. The compromised data reportedly includes 380 million customer profiles, 140 million customer orders, and 44 million loyalty/gas card numbers. Employment candidate information, including Social Security numbers and demographic details, is also among the stolen data.
While the breach targeting the auto parts provider had been rumored since early June, Advance Auto Parts did not confirm it had fallen victim to an attack until a regulatory filing with the SEC on Friday, June 14th. In the filing, the company said that it identified unauthorized activity within a third-party cloud database environment containing company data on May 23, 2024.
Despite the breach, the company reported no material interruption to its business operations. It is notifying affected individuals in accordance with legal obligations and is offering free credit monitoring and identity restoration services to victims as needed.
Why it matters: This breach is linked to a larger credential theft campaign targeting corporations with Snowflake accounts. Attackers used stolen credentials to access sensitive data from various high-profile companies, including Ticketmaster and Santander Bank, by exploiting accounts with disabled multi-factor authentication. Advance Auto Parts is now the latest victim to deal with the fallout of this attack targeting Snowflake-reliant companies. The company is working to protect its customers and employees from identity theft and financial loss while also striving to prevent a loss of trust.
- Threat Actor’s Claims: The threat actor, known under the username Sp1d3r, has posted on a hacking forum that he has stolen 3TB of data from Advance Auto Parts’ cloud server and is selling the stolen data for $1.5 million. This includes extensive customer and employee data and transaction details.
- Employee and Customer Data at Risk: The stolen data includes sensitive information for roughly 358,000 employees, significantly more than Advance Auto Parts’ current workforce, indicating that former employees’ data may also be included.
- Security Measures: Snowflake and cybersecurity firms like CrowdStrike and Mandiant are investigating the breach. Preliminary findings suggest attackers used stolen credentials to log in to accounts that had multi-factor authentication disabled.
Go Deeper:
- Advance Auto Parts Says Hacker Selling Personal Data of Employees – Wall Street Journal
- Advance Auto Parts Stolen Data for Sale After Snowflake Attack – Bleeping Computer