Major U.S. automotive aftermarket parts vendor Advance Auto Parts had 3 TB of data containing sensitive customer and employee details claimed to be stolen by the threat actor dubbed "Sp1d3r" following the compromise of its Snowflake cloud storage environment, reports BleepingComputer.
Included in the trove of information being sold for $1.5 million were 380 million customer profiles, 140 million customer orders, 44 million Loyalty/Gas card numbers, and data from 358,000 former and current Advance employees, as well as sales history, auto part numbers, employment candidate details, and transaction tender data, according to Sp1d3r. Other Snowflake customers were also alleged by the threat actor to have had their data exfiltrated since the intrusions began in mid-April but have since paid the demands of their attackers.
Such a development comes after both recent breaches of Ticketmaster and Santander Bank were linked to compromised Snowflake accounts, with the cloud storage firm attributing the incidents to the targeting of organizations without multi-factor authentication.
