Excerpt from Tech Times Article, Published on July 12, 2024
Advance Auto Parts has alerted over 2.3 million individuals about a data breach caused by a Snowflake cyberattack. The breach affected the company’s 4,777 storefronts and 320 Worldpac locations, serving 1,152 independently owned Carquest stores in the US, Canada, Puerto Rico, the USVI, Mexico, and the Caribbean. On June 5, 2024, malware seller ‘Sp1d3r’ claimed to have sold a 3TB database containing 380 million Advance customer records, orders, transaction details, and other sensitive data.
In a Form 8-K statement on June 19, Advance Auto Parts clarified that the breach primarily impacts current and past employees and job candidates. The company’s internal investigation identified 2,316,591 individuals affected by the data incident. From mid-April 2024, threat actors had unauthorized access to Advance’s Snowflake environment for nearly a month.
The stolen data includes full names, Social Security numbers, driver’s licenses, and government ID numbers, which the firm collects during the hiring process. The breach also affected other major entities such as Pure Storage, Los Angeles Unified, Neiman Marcus, Ticketmaster, and Banco Santander.
Snowflake, a renowned cloud data platform, suffered a major data breach that potentially harms businesses and individuals. On May 23, 2024, Snowflake identified improper account access, initially appearing minor but eventually revealing a massive scope. The hackers stole and sold data from companies like Santander, Ticketmaster, LendingTree, and Advance Auto Parts.
A sophisticated phishing, malware, and data-stealing attack caused the breach, targeting single-factor authentication accounts using compromised device login credentials. Snowflake received criticism for not enforcing multi-factor authentication (MFA) by default, leaving many accounts vulnerable.
Snowflake maintained transparency throughout the investigation, working with cybersecurity professionals. The company advised clients to employ MFA, limit access to authorized users, and reset login credentials to prevent future breaches. This incident highlights the critical importance of robust security measures and continuous improvement to safeguard sensitive data.
Learn more about the Advance Auto Parts breach and its implications for data security and privacy.
To delve deeper into this topic, please read the full article on Tech Times.
