American auto parts supplier Advance Auto Parts has experienced a data breach affecting 79 million customers and employees. The compromised information includes email addresses, names, phone numbers, addresses, and employee-specific data. The breach occurred in a third-party cloud environment, potentially Snowflake’s.
In a WIRED article earlier this month, a spokesperson for Snowflake acknowledged the reports of Advance Auto Parts’ involvement in a security incident but stated that an investigation is ongoing and no additional information is available at this time. Snowflake is a cloud platform companies, including Advance Auto Parts, use for data storage and analytics. Advance Auto Parts had previously conducted a webinar explaining their migration to Snowflake.
In early June, Stack Diary reported on Snowflake’s involvement in the Ticketmaster breach, where the threat group ShinyHunters claimed unauthorized access to 560 million user records. This breach was initially linked to a supposed compromise of Snowflake’s systems. In response, Snowflake, alongside CrowdStrike and Mandiant, issued a joint statement detailing their preliminary findings, emphasizing that there was no vulnerability or breach within Snowflake’s platform itself, but rather – it was the irresponsibility of their customers to use weak protection for administrator accounts.
In a report to the U.S. Securities and Exchange Commission (SEC), Advance Auto Parts disclosed that unauthorized activity in a third-party cloud environment was detected on May 23. By June 4, data purportedly belonging to the company appeared online. Advance Auto Parts indicated that the leaked files contained employee personnel data.
However, security researcher Troy Hunt, founder of the data breach search engine Have I Been Pwned, revealed that the breach also involved customer data. He added 79 million stolen email addresses to his database, noting that 60% were already known from previous breaches. Have I Been Pwned allows users to check if their email address has been involved in a known data breach. Advance Auto Parts estimates that managing the data breach will cost $3 million, which they said in their SEC filing.
