More Than 2 Million People Impacted In Snowflake-Related Attack

Advance Auto Parts disclosed that data belonging to 2.3 million customers was exposed in an April attack targeting its Snowflake deployment.

More details have emerged on what appears to have been another serious data breach linked to a campaign targeting Snowflake customers, with Advance Auto Parts disclosing that data belonging to more than 2 million customers may have been compromised.

The disclosure follows recent reports that data stolen in two other Snowflake-related breaches, of Ticketmaster and Neiman Marcus Group, is creating an increased risk of exposure for affected customers.

In a breach notice posted Wednesday by the Maine attorney general’s office, retailer Advance Auto Parts disclosed that more than 2.3 million individuals were impacted in the April attack targeting its Snowflake deployment. Stolen customer data may include name, Social Security number and driver’s license number, the company said.

CRN has reached out to Advance Auto Parts and Snowflake for comment.

In a sample notice to Maine residents, Advance Auto Parts wrote that “like many other companies,” it was informed about the attack on its Snowflake cloud data store on May 23.

The resulting investigation “determined that an unauthorized third party accessed or copied certain information maintained by Advance Auto Parts from April 14, 2024 to May 24, 2024,” Advance Auto Parts said.

Widespread attacks targeting Snowflake customers earlier this year have led to a “significant” volume of data stolen and at least 165 customers known to be potentially impacted, according to researchers from Mandiant.

Earlier this week, the founder of the breach research site Have I Been Pwned told BleepingComputer that email addresses belonging to more than 31 million customers of Neiman Marcus Group have been found to be exposed in the Snowflake-related attack. Meanwhile, attackers reportedly leaked nearly 39,000 Ticketmaster print-at-home tickets as part of their extortion attempt against the company, following the Snowflake attacks.

Other impacted companies in the Snowflake campaign have included Santander Bank and Pure Storage. The wave of data theft attacks is believed to be utilizing stolen passwords.

A cybercriminal group has been “suspected to have stolen a significant volume of records from Snowflake customer environments,” researchers at Mandiant said. Impacted accounts have not been configured with MFA (multifactor authentication), Mandiant researchers confirmed previously.

In a blog post Tuesday, Snowflake said it’s now possible for administrators to make MFA mandatory for users and to monitor for compliance. “To help drive MFA adoption, we’re taking steps to promote individual compliance for Snowflake users,” the company said in the post.