Massive Snowflake Cyberattack Exposes Data of Advance Auto Parts Customers

Threat Actors Sold 380 Million Customer Records Online After Breaching Cloud Storage Provider in the Snowflake Cyberattack.

    Threat actors claim to have stolen, and are now selling online, the personal and financial details of over 380 million Advance Auto Parts customers after breaching the automotive retailer’s cloud storage provider, Snowflake.

    According to the threat actor going by the name ‘Sp1d3r’, they were able to steal around 3 terabytes of internal files and databases containing highly sensitive customer records from Advance Auto Parts’ Snowflake account in recent months.

    Details of Leaked Information in Snowflake Cyberattack

    The following information from Advance Auto Parts was leaked in the Snowflake cyberattack:

    • 380 million customer profiles containing names, email addresses, phone numbers, home addresses and order details
    • 140 million customer orders
    • 44 million loyalty program and gas card numbers along with associated personal details
    • Sales histories and transaction records
    • Product information and auto parts/part numbers
    • Employment records and applications containing sensitive PII like social security numbers and driver’s license images of candidates
    • Transaction payment details

    As quoted by the threat actor, “We have stolen massive amounts of internal and confidential data from Advance Auto Parts’ Snowflake account. We are now selling this stolen data online which includes records of over 380 million customers along with their personal and financial details.”

    However, the company is yet to publicly acknowledge this cyberattack. When contacted, an Advance Auto Parts spokesperson did not provide any comment on the reported data breach.

    Stolen Data Confirmed to be from Snowflake Data Breach

    BleepingComputer first confirmed that a portion of the customer records being sold by the hackers online do indeed belong to Advance Auto Parts after cross-referencing details from randomly sampled data sets.

    The stolen files clearly had references to ‘Snowflake’ scattered throughout, corroborating the threat actor’s claim that the data originated from the cloud data warehouse provider.

    Snowflake is a popular cloud data platform used by over 9,400 companies worldwide for securely storing and analyzing their databases in cloud services like Amazon Web Services, Microsoft Azure and Google Cloud.

    However, in recent months, hackers have targeted the Snowflake accounts of multiple customers, leveraging employee credentials likely stolen through phishing attacks or malware infections on corporate machines.

    The same group is believed to be behind other reported data breaches at companies like Ticketmaster and Santander as well.

    Snowflake Denies Any Vulnerabilities in Their Systems

    While Snowflake claims that no vulnerabilities were found within their own platform, they did acknowledge that in some cases attackers were able to leverage compromised employee credentials to first access the cloud tenants before stealing sensitive data.

    Moving forward, Snowflake is working with law enforcement and federal agencies on further hardening security and notifying customers about the ongoing risks.

    The Snowflake data breach exposed highly sensitive personal and financial details of over 380 million individuals who have shopped with Advance Auto Parts. With such a large-scale theft, affected customers are now at an elevated risk of identity theft and phishing attacks.

    Both the companies and Snowflake will need to promptly investigate the root causes and notify all impacted parties. More details are likely to emerge in the coming weeks on the full scale of this worrying Snowflake cyberattack.
