Threat actors claim to be selling 3TB of data stolen from Advance Auto Parts, a major automotive aftermarket parts seller, after compromising the company’s Snowflake account.
The affected entity currently operates 4,777 stores, 320 Worldpac locations, and 1,152 individually owned Carquest stores in the United States, Puerto Rico, Canada, the U.S. Virgin Islands, Mexico, and other Caribbean islands.
A threat actor named Sp1d3r revealed that it had seized a vast data collection from the company’s Snowflake cloud storage environment. The allegedly stolen data includes details such as client profiles (e.g. name, email, mobile, phone, address), customer orders, loyalty and gas card numbers, auto parts/numbers, and sales history.
In addition, the attackers claimed that they had stolen employment candidate information, including SSNs, driver’s license numbers, and demographic information.
While the attackers said they were selling the stolen information of 358,000 employees, the organisation only employs approximately 68,000. Researchers believe this disparity could be due to old data from former employees and associates included by the hackers in the leak.
Advance, however, has yet to report the hack or to inform the United States publicly.
The hackers stole the data through the Advance Auto Parts Snowflake account.
The threat actor who sold the Advance Auto Parts data for $1.5 million on a hacking site revealed that they obtained the information during the recent attacks that have targeted Snowflake clients since at least mid-April 2024.
Snowflake’s cloud services are used by 9,437 customers worldwide, including high-profile companies like Adobe, AT&T, Kraft Heinz, Mastercard, Micron, Capital One, Doordash, HP, Nielsen, Novartis, Western Union, Yamaha, and many more.
The threat actor also confirmed that the car firm is not the only Snowflake customer whose data was compromised. According to them, some Snowflake customers have already paid to recover their data after they approached them to negotiate. Still, the researchers could not verify these claims as they were unable to find proof of their legitimacy.
Therefore, potentially affected individuals, especially the car company’s customers, should be wary of their digital presence, as threat actors may use this information to execute other illicit activities.