Advance Auto Parts stolen data for sale after Snowflake attack

June 5, 2024 at 05:57PM

Threat actors are claiming to sell 3TB of data stolen from Advance Auto Parts. The stolen data includes 380 million customer profiles, 140 million customer orders, and other sensitive information. The breach is linked to compromised Snowflake accounts, affecting multiple customers. However, Snowflake claims it was not due to any vulnerability or misconfiguration within their product.

The report details a significant data breach at Advance Auto Parts, a leading automotive aftermarket parts provider. A threat actor going by the handle “Sp1d3r” is selling 3TB of stolen data from Advance’s Snowflake account. The stolen data includes millions of customer profiles, orders, loyalty/gas card numbers, auto parts information, sales history, employment candidate details, and transaction tender details.

Additionally, the threat actor claims to have stolen data belonging to around 358,000 employees, even though the company currently has approximately 68,000 employees. It is speculated that the difference could be old data belonging to former employees and associates.

BleepingComputer has confirmed the legitimacy of a large number of Advance Auto Parts customer records. Despite this, Advance Auto Parts has not publicly disclosed the breach or notified the U.S. Securities and Exchange Commission.

The threat actor is selling the stolen data for $1.5 million on a hacking forum and claims that the data was stolen in recent attacks targeting Snowflake customers. Snowflake’s cloud services are used by numerous high-profile companies worldwide, with the threat actor alleging that other Snowflake customers have also had their data breached.

The leaked data contains references to ‘SNOWFLAKE’ and is linked to recent breaches at Santander and Ticketmaster. Ticketmaster’s parent company, Live Nation, confirmed a data breach after its Snowflake account was compromised.

Snowflake has stated that the activity is not caused by any vulnerability, misconfiguration, or malicious activity within the Snowflake product. Mandiant Consulting has been assisting compromised Snowflake customers and believes that the attackers are likely using stolen credentials to access Snowflake tenants and steal data.
