Cyberattack on Advance Auto Parts exposes the personal data of 2.3 million people, with traces leading back to Snowflake.
In a shocking turn of events, Advance Auto Parts, a leading automotive parts retailer, has disclosed a data breach affecting over 2.3 million individuals [1][3]. The breach took place in the company's environment at Snowflake, a popular cloud data vendor, between April 14 and May 24, 2024 [1][5].
This breach is part of a broader cyber threat campaign that has impacted approximately 160 companies using Snowflake [2]. The attack is believed to be the work of a cybercriminal group known as UNC5537, with ties to the infamous hacking groups ShinyHunters and Scattered Spider [5].
The breach involved the unauthorized access and exfiltration of sensitive personal information, including names, email addresses, postal addresses, dates of birth, driver's license numbers, and Social Security numbers [1][3]. This data was primarily collected during the job application process.
Investigations have revealed that the attackers gained access by exploiting the lack of Multi-Factor Authentication (MFA) on Advance Auto Parts' Snowflake account [1][5]. With no second factor required, harvested usernames and passwords were enough to log in without facing any further authentication challenge.
The attackers used infostealer malware to harvest credentials from personal and enterprise devices [5]. This is a concerning development, as it suggests that the attackers may have gained access to other systems as well.
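As an added example (not from the article or any of its cited sources), the following Python flags the login pattern described above in records shaped like Snowflake's ACCOUNT_USAGE.LOGIN_HISTORY view: successful logins that presented only a password, with no second factor, and among those the ones arriving from outside an assumed corporate IP allowlist. The column names follow the Snowflake view; the sample rows and the CORP_NETS ranges are constructed assumptions.

```python
from dataclasses import dataclass
from datetime import datetime
from ipaddress import ip_address, ip_network
from typing import List, Optional

# Assumed corporate egress ranges (an assumption, not from the article); anything else is "off-network".
CORP_NETS = [ip_network("10.0.0.0/8"), ip_network("203.0.113.0/24")]

@dataclass
class LoginEvent:
    """Subset of the columns of SNOWFLAKE.ACCOUNT_USAGE.LOGIN_HISTORY."""
    event_timestamp: datetime
    user_name: str
    client_ip: str
    first_authentication_factor: str
    second_authentication_factor: Optional[str]  # None when no MFA challenge took place
    is_success: bool

# Constructed sample rows inside the window the article gives (14 April to 24 May 2024).
SAMPLE_EVENTS = [
    LoginEvent(datetime(2024, 4, 14, 9, 12), "SVC_ETL", "10.1.2.3", "PASSWORD", None, True),
    LoginEvent(datetime(2024, 4, 15, 2, 47), "JDOE", "198.51.100.77", "PASSWORD", None, True),
    LoginEvent(datetime(2024, 4, 15, 8, 0), "ASMITH", "203.0.113.9", "PASSWORD", "DUO", True),
    LoginEvent(datetime(2024, 4, 16, 1, 10), "JDOE", "198.51.100.77", "PASSWORD", None, False),
]

def is_password_only(ev: LoginEvent) -> bool:
    """A successful login that presented a password and nothing else."""
    return (ev.is_success and ev.first_authentication_factor == "PASSWORD"
            and ev.second_authentication_factor is None)

def find_risky_logins(events: List[LoginEvent]) -> List[dict]:
    """Flag single-factor successes, noting those from outside CORP_NETS (the breach pattern)."""
    findings = []
    for ev in sorted(events, key=lambda e: e.event_timestamp):
        if not is_password_only(ev):
            continue  # failed logins and MFA-backed logins are not this detection's concern
        reasons = ["password-only"]
        if not any(ip_address(ev.client_ip) in net for net in CORP_NETS):
            reasons.append("off-network")
        findings.append({"time": ev.event_timestamp.isoformat(), "user": ev.user_name,
                         "ip": ev.client_ip, "reasons": reasons})
    return findings

def users_without_mfa(events: List[LoginEvent]) -> List[str]:
    """Users seen logging in with a password alone: the set to enforce MFA on first."""
    return sorted({ev.user_name for ev in events if is_password_only(ev)})
```

In a real account the same logic runs as a query against LOGIN_HISTORY, and the second function's output is the list of users to put behind MFA or key-pair authentication.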
This breach has raised concerns among corporate stakeholders, who are now questioning the risk calculus of their technology stacks and whether they are potential targets [1]. The breach at Advance Auto Parts is not the only one linked to Snowflake. AT&T's Snowflake environment was also breached, resulting in the theft of call and text message records on nearly 110 million customers [4].
It is important to note that Snowflake, Mandiant, and CrowdStrike maintain that the attacks were not caused by a vulnerability or breach of Snowflake's enterprise environment [6]. However, the lack of MFA on affected accounts underscores the importance of robust security measures, even in a cloud environment.
As the investigation continues, more affected companies may come forward as additional Snowflake customers discover they were impacted [1][2]. It is essential for individuals to remain vigilant and monitor their personal information for any suspicious activity.
[1] Data Breach at Advance Auto Parts Exposes Personal Information of Over 2.3 Million People, Office of the Maine Attorney General, 2024
[2] Snowflake Data Breach Affects Over 100 Companies, Cybersecurity Insiders, 2024
[3] Advance Auto Parts Data Breach: What We Know So Far, TechCrunch, 2024
[4] AT&T Data Breach Exposes Records of Nearly 110 Million Customers, The Verge, 2024
[5] Snowflake Data Breach: How Infostealer Malware and Lack of MFA Led to a Massive Breach, Wired, 2024
[6] Snowflake, Mandiant, and CrowdStrike Deny Cause of Widespread Data Breaches, ZDNet, 2024
- The data breach at Advance Auto Parts involved the use of infostealer malware, which is concerning as it suggests the attackers may have gained access to other systems.
- The breach has highlighted the importance of robust cybersecurity measures, particularly the use of Multi-Factor Authentication (MFA), even in a cloud environment.
- Threat intelligence suggests that the attack on Advance Auto Parts was the work of cybercriminal group UNC5537, connected to ShinyHunters and Scattered Spider.
- The incident response to the data breach will likely involve vulnerability assessments and threat intelligence gathering to determine whether other unauthorized access took place.