Terabytes of Advance Auto Parts’ Customer Private Data Compromised in Snowflake Attack

Advance Auto Parts, a major U.S. automotive aftermarket parts provider, has fallen victim to a significant data breach. Cybercriminals, operating under the handle “Sp1d3r,” claim to have stolen 3 terabytes of data from the company’s Snowflake cloud storage account. The stolen dataset, now being offered for sale at $1.5 million, includes vast amounts of sensitive information on customers, employees, and company operations.

Scope of the Breach

The breach, which the cybercriminals are attributing to a security lapse in Snowflake’s cloud services, has compromised a wide range of data. Here are the details:

Customer Data:

  • 380 Million Customer Profiles: Including names, email addresses, phone numbers, and physical addresses.
  • 140 Million Customer Orders: Detailed order histories of millions of customers.
  • 44 Million Loyalty and Gas Card Numbers: Card numbers along with associated customer details.

Employee Data:

  • 358,000 Employee Records: Including social security numbers, driver’s license numbers, demographic details, and more. This number significantly exceeds the company’s current employee count of 68,000, suggesting that old records of former employees and job candidates are also included.

Operational Data:

  • Auto Parts Information: Detailed records of auto parts, part numbers, and sales history.
  • Transaction Details: Comprehensive transaction records, potentially including payment details.

Advance Auto Parts’ Response

Advance Auto Parts, which operates over 4,777 stores and serves markets in the U.S., Canada, Puerto Rico, the U.S. Virgin Islands, Mexico, and the Caribbean, has yet to publicly acknowledge the breach. Efforts to contact the company for comment have gone unanswered, and no notifications have been made to the U.S. Securities and Exchange Commission.

Security Implications and Snowflake’s Role

Snowflake, the cloud service provider, is used by numerous high-profile companies worldwide, such as Adobe, AT&T, Kraft Heinz, Mastercard, and more. The breach raises serious questions about Snowflake’s security practices. The cybercriminals claim the breach occurred due to vulnerabilities in Snowflake’s security, and that the attack particularly targeted accounts that did not use multi-factor authentication (MFA).

Snowflake has stated that its systems were not directly compromised and attributes the breaches to stolen customer credentials, often obtained through information-stealing malware. Despite this, cybersecurity experts have criticized Snowflake for not mandating stronger security measures like MFA. Snowflake has advised customers to enable MFA to enhance their cybersecurity.

Impact and Recommendations

The Advance Auto Parts data breach is part of a larger trend of cyberattacks targeting cloud storage accounts. Similar breaches have affected companies like Ticketmaster and Santander, highlighting the need for improved security practices. If you suspect you might be affected by the Advance Auto Parts breach, checking your exposure is crucial. Use tools like a Digital Footprint scan to see what personal information of yours might have been exposed in this or previous data breaches.

Conclusion

The Advance Auto Parts data breach underscores the importance of robust cybersecurity measures, especially when managing cloud storage accounts. Companies must prioritize cybersecurity and adopt comprehensive measures like multi-factor authentication to protect sensitive data from evolving cyber threats. Companies can mitigate risks by staying informed and taking proactive steps recommended by third-party cybersecurity firms.