Top carmaker Advance Auto Parts confirms stolen data for sale following Snowflake attack


The recent Snowflake breach is slowly but surely turning into the next major global cybersecurity event after another major company confirmed having its sensitive data taken.

Following recent incidents affecting Santander and Ticketmaster, American automotive aftermarket parts provider Advance Auto Parts appears to have had three terabytes of data stolen and put up for sale online.

The company primarily operates in the United States, Puerto Rico, the U.S. Virgin Islands, and Canada. It supplies replacement automotive parts, accessories, batteries, and maintenance items for both professional installers and do-it-yourself (DIY) customers. The company operates more than 4,500 stores and more than 300 Worldpac branches. 

No official confirmation

According to BleepingComputer, which confirmed the authenticity of at least some of the data, the threat actor stole 380 million customer profiles (names, emails, mobile phones, postal addresses, and more); 140 million customer orders; 44 million loyalty / gas card numbers; auto parts and part numbers; sales history; employment candidate information with Social Security Numbers (SSN), driver’s license numbers, and demographic details; and transaction tender details.

Finally, the threat actor is selling information on 358,000 employees. Since Advance Auto Parts counts fewer than 70,000 employees, this could also include former workers.

The hacker, alias Sp1d3r, is selling the database for $1.5 million. The company has yet to make a formal announcement or file an 8-K form with the SEC.

Earlier this month, Ticketmaster notified the SEC of a breach in which sensitive information on more than 500 million users was allegedly stolen. In the filing, the company said it “identified unauthorized activity within a third-party cloud database environment,” with a spokesperson telling the media the cloud service provider was Snowflake.

Snowflake later said it wasn’t to blame for the incident. In a forum thread posted on June 2, Snowflake representatives said a preliminary investigation, conducted by both CrowdStrike and Mandiant, suggested this was a credential stuffing attack, and not a system vulnerability being exploited.

Snowflake has almost 10,000 customers, including high-profile organizations such as Adobe, AT&T, Kraft Heinz, Mastercard, Micron, Capital One, Doordash, HP, Nielsen, Novartis, Okta, PepsiCo, Siemens, and many others.


Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.