Security News > 2024 > July > Advance Auto Parts: 2.3M people's data accessed when crims broke into our Snowflake account

Advance Auto Parts' CISO just revealed for the first time the number of individuals affected when criminals broke into its Snowflake instance - a hefty 2.3 million.

Steiger's letter also said Advance Auto Parts became aware of the intrusion on May 23, but now understands that the cybercriminal(s) behind the attack maintained access to its Snowflake instance between April 14 and May 24.

"On May 23, 2024, we learned that, like many other companies, an unauthorized third party gained access to certain information maintained by Advance Auto Parts within Snowflake, our cloud storage and data warehousing vendor," the letter reads.

The aftermarket auto parts dealer has been quiet about the incident on social media, its website's press corner, and hasn't before confirmed that it was a victim, let alone the scale of the data accessed.

Snowflake lets admins make MFA mandatory across all user accounts Fiend touts stolen Neiman Marcus customer info for $150K Snowflake data leaks snowball as more victims, perps, come forward Live Nation CFO on Taylor Swift ticket chaos: Don't blame me, bots made me crazy.

Having consistently denied any suggestions that a break-in at Snowflake towers was to blame for the spate of data protection gaffes at its customers, the new measure aims to address the issue said to be at the heart of the incidents - that customers weren't enabling MFA where they perhaps should have been.

News URL

https://go.theregister.com/feed/www.theregister.com/2024/07/11/advance_auto_parts_confirms_23/