Terabytes of Advance Auto Parts data stolen in Snowflake attack


Advance Auto Parts data has been put up for sale after cybercriminals allegedly breached the company’s Snowflake cloud storage account. The Cybernews research team has reviewed a sample of the data and believes that the leak is legitimate.

A malicious actor claims to have stolen three terabytes of data from Advance Auto Parts, a US-based automotive parts behemoth. The stolen dataset allegedly includes an ocean of sensitive company, client, and employee data.

We have contacted Advance Auto Parts for comment but have not received a reply yet. The company operates thousands of stores across the US and has reported revenue exceeding $11 billion.


Our research team has reviewed the data sample provided by the attackers in the data leak forum post and concluded that it includes legitimate information.

Post on Advance Auto Parts data. Image by Cybernews.

The attacker is trying to peddle the dataset for $1.5 million, claiming that it includes vast amounts of data with far-reaching security implications. According to the hacker’s ad, the dataset includes:

  • 380 million customer profiles (name, email, mobile, phone, address, and more)
  • 140 million customer orders
  • 44 million loyalty/gas card numbers (with customer details)
  • 358,000 employees
  • Auto parts/part numbers
  • Sales history
  • Employment candidate info with SSNs, driver’s license numbers, demographic details
  • Transaction tender details

Advance Auto Parts reports employing over 67,000 people, which suggests that attackers obtained details of the company’s former and current employees.

The data seller claims that they obtained the details after breaching Advance Auto Parts’ Snowflake account. Several of the cloud provider’s clients allegedly had their databases taken down after attackers targeted victims with stolen credentials.

The Ticketmaster data breach, which exposed 560 million of the company’s customers, likely happened after attackers accessed its Snowflake account. Last week, the company confirmed attackers accessed its “third-party cloud database environment.”

Meanwhile, Snowflake shifted the responsibility for the attack onto its clients, saying the unauthorized access attempts were part of a “targeted campaign directed at users with single-factor authentication.”


However, security researchers were not impressed by the cloud provider’s position, saying that while the cloud provider technically wasn’t breached, the optics of Snowflake allowing customers to use single-factor authentication are not great.

The cloud provider said it had informed several customers about attackers targeting their accounts, which could point to an oncoming tsunami of data breaches. Snowflake boasts numerous prominent clients such as Mastercard, AT&T, ExxonMobil, Cisco, Adobe, CapitalOne, Doordash, Roku, EA, Siemens, Kraft Heinz, and others.