79 Million Advance Auto Parts Breached Accounts Added to HIBP

• Advance Auto Parts suffered a massive data breach earlier this month, with data going on sale on hacker forums soon after.
• The cybercriminal claimed to have 380 million accounts stolen from the company's third-party cloud database environment.
• Breach notification service Have I Been Pwned announced adding 79 million unique customer emails to its database.

Automotive aftermarket parts provider Advance Auto Parts suffered a breach on June 5, 2024, when an unauthorized third party gained access to the company’s cloud services account with Snowflake. On June 24, 79,243,727 unique email addresses were verified and added to the Have I Been Pwned (HIBP) data breach notification service.

Advance Auto Parts confirmed they had suffered a data breach that was posted for sale on a popular cybercriminal forum by a hacker named Sp1d3r.

The cybercriminal claimed the information included 380 million customer profiles complete with name, email, mobile, phone, address, and more, as well as 140 million customer orders, part numbers, sales history, transaction tender details, and employee SSNs, driver's license numbers, and demographic details.

The 79+ million emails added to HIBP include names, phone numbers, physical addresses, and other data attributes related to company employees, so people impacted by this breach should exercise caution.

The same cybercriminal is also selling a set of data allegedly stolen from the Australia-based live events and ticketing company TEG (Ticketek Entertainment Group), which supposedly includes the details of some 30 million customers. It is believed to be related to a breach of the company's Snowflake account, but this was not yet confirmed.

Incident response firm Mandiant said approximately 165 companies using Snowflake environments may have had their data stolen by threat actors leveraging leaked credentials of Snowflake customer accounts that did not have multi-factor authentication (MFA) enabled. These credentials were stolen by several info-stealer malware variants.

Earlier this month, Sp1d3r was also selling data reportedly stolen from cybersecurity company Cylance. The data boasted customer, partner, and employee details, including 34 million customer, prospect, and employee emails.