Snowflake attack exposes 3TB of Advance Auto Parts' data, now sold on Dark Web

Breach occurred after Snowflake cloud storage was compromised

Hackers have stolen a massive 3TB of data from Advance Auto Parts,^[1] a leading automotive parts provider, after breaching the company’s Snowflake cloud storage account. The stolen data includes 380 million customer profiles, 140 million customer orders, 44 million loyalty card numbers, and detailed employment information, such as Social Security numbers and driver's license numbers.

The breach is part of a broader campaign targeting Snowflake customers. The attackers, using the handle Sp1d3r, claim that this data is now for sale on cybercrime forums for $1.5 million.^[2] They used stolen credentials to infiltrate these accounts, exploiting the lack of multi-factor authentication (MFA) among some users. This incident highlights significant vulnerabilities in cloud storage security when proper protective measures are not in place.

Highly sensitive information, such as driver's license numbers and Social Security numbers, was compromised

Advance Auto Parts operates 4,777 stores and 320 Worldpac branches, serving numerous independent outlets across North America and the Caribbean.^[3] The breach has exposed a wide range of sensitive data, including customer names, emails, phone numbers, addresses, and detailed sales histories. Employment information with Social Security numbers and driver's license numbers was also compromised.

Despite the severity of the breach, Advance Auto Parts has yet to publicly acknowledge the incident or notify relevant authorities like the U.S. Securities and Exchange Commission. This lack of transparency increases the risk for affected customers and employees, as their personal information is now being sold on cybercrime forums. The company's failure to address the breach promptly may lead to further reputational damage and potential legal repercussions.

The hackers have claimed that they are selling data of 358,000 employees, although the company currently has around 68,000 employees.^[4] This discrepancy might indicate that the stolen data includes information from former employees as well. Advance Auto Parts has not experienced any operational disruptions due to the breach, but the long-term impacts on its reputation and customer trust remain to be seen.

Snowflake blames customers for weak credentials and poor security practices

The Advance Auto Parts breach is part of a larger wave of attacks affecting several Snowflake customers, including high-profile companies like Ticketmaster and Santander. These breaches have been linked to info-stealing malware that hackers used to obtain login credentials. Once these credentials were obtained, the attackers accessed the Snowflake environments of these companies, exploiting weaknesses in their security practices.

Snowflake, a cloud data analysis company, has acknowledged the breaches, stating they were not caused by vulnerabilities in their systems but resulted from compromised credentials and insufficient security measures by their customers.^[5] They claimed that MFA protection can't be underestimated, a step that many of their customers had allegedly neglected.

Precautionary measures for the affected

In response to the breaches, Snowflake has urged all customers to enforce MFA on their accounts and limit access to authorized users only. The company, alongside cybersecurity firms CrowdStrike and Mandiant, continues to investigate the incidents. They discovered that the attackers targeted users with single-factor authentication and used credentials obtained through info-stealing malware.

Additionally, Australian authorities have warned of successful compromises of several companies utilizing Snowflake environments. The FBI and other cybersecurity agencies have been alerted about the growing threat. This ongoing situation highlights the interconnected nature of digital security and the necessity for comprehensive protective measures across all levels of data handling and storage.

Hackers' increased use of info-stealing malware represents a broader trend in cybercrime. This malware scrapes saved passwords and other sensitive information from infected devices, making it easier for attackers to compromise accounts. The breach of Advance Auto Parts, alongside other significant incidents involving Ticketmaster and Santander, serves as a stark reminder of the importance of stringent cybersecurity practices and the potential consequences of neglecting them.