Advance Auto Parts: 2.3M people’s data accessed when crims broke into our Snowflake account

July 11, 2024 at 09:23AM

Ethan Steiger, CISO of Advance Auto Parts, disclosed that 2.3 million individuals were affected by a cyber breach. The criminals, under the alias Sp1d3r, attempted to sell the stolen data for $1.5 million, falsely claiming to have taken 380 million customer profiles. Snowflake has introduced new security measures, including multifactor authentication. Ticketmaster is also facing extortion demands.

The criminals, under the online alias Sp1d3r, claimed to have stolen 380 million customer profiles from Advance Auto Parts, including a variety of sensitive information such as names, email and home addresses, phone numbers, and more. They initially put the data up for sale on a cybercrime forum, asking $1.5 million for it. However, the CISO's letter now suggests that the actual scale of the data breach was much smaller, affecting just 2.3 million individuals, and that the rest of the data types allegedly stolen were bogus claims made by the cybercriminal(s).

Snowflake, the cloud storage and data warehousing vendor, has announced new policies allowing multifactor authentication (MFA) to be applied across entire organizations, in response to the series of data protection issues at its customers. This is significant because it aims to address the issue of customers not enabling MFA, which was potentially exploited by the cybercriminals.

Ticketmaster, also part of the Snowflake saga, is reportedly being extorted for $2 million by cybercriminals. The company recently had 166,000 Taylor Swift tour ticket barcodes allegedly leaked on a cybercrime forum.

Overall, the criminals are making demands for large sums of money and claiming to have stolen extensive amounts of data, but the actual impact and scope of their actions may be less significant than originally claimed.
