Hackers breach Advance Auto Parts through Snowflake
Learn More
Hackers claim a major data breach on Advance Auto Parts, an automotive aftermarket parts provider.
Threat actors, using the alias Sp1d3r, claim to have stolen 3TB of data from the company's Snowflake cloud storage environment. The breach affects Advance Auto Parts' extensive network, which includes 4,777 stores, 320 Worldpac branches, and services to 1,152 independently owned Carquest stores across multiple regions including the United States, Canada, Puerto Rico, the U.S. Virgin Islands, Mexico, and various Caribbean islands.
The stolen data reportedly includes:
- 380 million customer profiles (names, emails, mobile numbers, phone numbers, addresses, and more)
- 140 million customer orders
- 44 million loyalty/gas card numbers (with associated customer details)
- Auto parts and part numbers
- Sales history
- Employment candidate information including Social Security numbers, driver's license numbers, and demographic details
- Transaction tender details
- Information on 358,000 employees (though the company currently employs around 68,000, indicating the inclusion of data from former employees and associates)
This dataset is being sold on a hacking forum for $1.5 million. Security researchers have verified the legitimacy of a significant portion of the customer records.
Advance Auto Parts has not yet publicly acknowledged this breach.
Update - as of 19th of June 2024, Advance Auto Parts confirmed it suffered a data breach. "On May 23, 2024, Advance Auto Parts, Inc. (the "Company") identified unauthorized activity within a third-party cloud database environment containing Company data and launched an investigation with industry-leading experts. On June 4, 2024, a criminal threat actor offered what it alleged to be Company data for sale. The Company has notified law enforcement."
The stolen files appear to contain personal information for current and former employees and job applicants, including social security numbers and other government identification numbers.
As of 11th of July 2024, in a filing with the Maine Attorney General’s Office the company stated that more than 2.3 million people are affected by the breach.
The data theft is part of a broader campaign targeting Snowflake customers since mid-April 2024. Snowflake’s cloud services are utilized by numerous high-profile companies, and several have allegedly paid to recover their data.
