Hackers have captured 3 terabytes of customer, inventory and sales data, among others, after a breach at Advance Auto Parts. The group has offered it for sale online. The breach occurred through a Snowflake cloud storage account at the North American company.
The hackers, calling themselves “Sp1d3r,” supposedly managed to hack into Advance Auto Parts’ Snowflake account via infostealer malware, Mandiant indicates in conversation with Bleeping Computer.
In the break-in, the hackers managed to capture a total of 3 TB of Advance Auto Parts’ data. This included 380 million customer profiles, among other things. Among the data was a large number of name and address information, data on 140 million customer orders and 44 million loyalty card numbers. In addition, information on as many as 385,000 current and former employees would have been snapped up.
Other data that was stolen and is now being offered for sale online include parts numbers, sales history, applicant information and tender transaction details. The hackers are selling all the stolen data for a total of $1.5 million, according to a hacker forum. Advance Auto Parts itself has yet to comment on the theft of the 3 TB of sensitive data.
Part of Snowflake attacks
The hackers allegedly captured the data in a recent series of attacks on Snowflake accounts. The most prominent of these targeted Ticketmaster, while Spanish bank Santander was also hit via a compromised Snowflake account.
Snowflake Confirmation
Snowflake recently confirmed that accounts are being attacked by hackers. These would primarily use stolen credentials and target those Snowflake users who have disabled multi-factor authentication. The company indicates that its own infrastructure and products are not the cause of the breaches.
Also read: Ticketmaster reports cloud database breach to US stock market watchdog SEC