Threat actors claim to be selling a massive dataset stolen from Advance Auto Parts, a leading automotive parts retailer. The data breach allegedly compromised information for millions of customers, including names, addresses, phone numbers, email addresses, loyalty card details, and purchase history. The hackers also claim to possess employee data such as Social Security numbers and driver’s license information.
The breach reportedly targeted Advance Auto Parts’ Snowflake cloud storage account. Snowflake is a cloud storage service used by many major companies. Hackers likely gained access through stolen credentials and were able to exfiltrate a significant amount of data. Advance Auto Parts has not yet publicly acknowledged the breach and has not responded to requests for comment.
This incident highlights the growing risk of cyberattacks targeting cloud storage solutions. Security researchers believe the attackers responsible for the Advance Auto Parts breach may have targeted other Snowflake customers as well.
While the full scope of the attack is still under investigation, it raises serious concerns about the security of customer data. Advance Auto Parts should take immediate steps to investigate the breach, notify affected customers, and improve their cybersecurity measures.
