{ "id": "8c38cb17-b148-4591-8bd2-6862c43a7f44", "created_at": "2026-04-06T00:08:43.357119Z", "updated_at": "2026-04-10T13:12:10.992309Z", "deleted_at": null, "sha1_hash": "994686dcb6b8f24a1024010ef8164488a4768463", "title": "Advance Auto Parts data breach impacts 2.3 million people", "llm_title": "", "authors": "", "file_creation_date": "0001-01-01T00:00:00Z", "file_modification_date": "0001-01-01T00:00:00Z", "file_size": 2292701, "plain_text": "Advance Auto Parts data breach impacts 2.3 million people\r\nBy Bill Toulas\r\nPublished: 2024-07-11 · Archived: 2026-04-05 15:46:58 UTC\r\nAdvance Auto Parts is sending data breach notifications to over 2.3 million people whose personal data was stolen in recent\r\nSnowflake data theft attacks.\r\nAdvance operates 4,777 stores and 320 Worldpac branches, serving 1,152 independently owned Carquest stores in the\r\nUnited States, Canada, Puerto Rico, the U.S. Virgin Islands, Mexico, and various Caribbean islands.\r\nOn June 5, 2024, a threat actor known as 'Sp1d3r' began selling a massive 3TB database allegedly containing 380 million\r\nAdvance customer records, orders, transaction details, and other sensitive information.\r\nhttps://www.bleepingcomputer.com/news/security/advance-auto-parts-data-breach-impacts-23-million-people/\r\nPage 1 of 4\n\n0:00\r\nhttps://www.bleepingcomputer.com/news/security/advance-auto-parts-data-breach-impacts-23-million-people/\r\nPage 2 of 4\n\nVisit Advertiser websiteGO TO PAGE\r\nOn June 19, the company confirmed the breach via a Form 8-K filing but said it only impacts current and former employees\r\nand job applicants.\r\nThe incident was part of a broader campaign targeting Snowflake accounts using stolen credentials, which impacted Pure\r\nStorage, Los Angeles Unified, Neiman Marcus, Ticketmaster, and Banco Santander.\r\nEmployees impacted\r\nAdvance has completed its internal investigation into the incident and has determined that the data breach impacted\r\n2,316,591 million people.\r\nAccording to the data breach notification samples shared with the authorities, the threat actors maintained unauthorized\r\naccess to Advance's Snowflake environment for over a month, starting mid-April 2024.\r\n\"Our investigation determined that an unauthorized third party accessed or copied certain information maintained by\r\nAdvance Auto Parts from April 14, 2024, to May 24, 2024,\" reads the notice.\r\n\"We conducted a detailed review and analysis of the affected information to determine the types of information contained\r\ntherein and to whom the information relates.\"\r\nThe data stolen by the attackers includes full names, Social Security numbers (SSNs), driver's licenses, and government ID\r\nnumbers.\r\nThe company says it collects this information as part of its job application process, so the 2.3 million figure is related to job\r\napplicants and former/current employees whose data was stored in the compromised cloud database.\r\nThose impacted are given 12 months of complimentary identity theft protection and credit monitoring services through\r\nExperian, and they have until October 1, 2024, to enroll.\r\nPotentially impacted individuals are advised to be vigilant for unsolicited communications, monitor their accounts closely,\r\nactivate fraud alerts, and consider placing a credit freeze.\r\nThe 2.3 million figure reported by Advance is a far cry from the threat actor's allegations about 380M records, and the data\r\ntypes confirmed to have been exposed aren't nearly as extensive as what 'Sp1d3r' offered for sale.\r\nHowever, samples of the stolen data seen by BleepingComputer appear to have contained customer information, so it's\r\npossible they will be notified in the future.\r\nBleepingComputer contacted Advance Auto Parts to clarify whether customer information was exposed, but a comment\r\nwasn't immediately available.\r\nhttps://www.bleepingcomputer.com/news/security/advance-auto-parts-data-breach-impacts-23-million-people/\r\nPage 3 of 4\n\nAutomated Pentesting Covers Only 1 of 6 Surfaces.\r\nAutomated pentesting proves the path exists. BAS proves whether your controls stop it. Most teams run one without the\r\nother.\r\nThis whitepaper maps six validation surfaces, shows where coverage ends, and provides practitioners with three diagnostic\r\nquestions for any tool evaluation.\r\nSource: https://www.bleepingcomputer.com/news/security/advance-auto-parts-data-breach-impacts-23-million-people/\r\nhttps://www.bleepingcomputer.com/news/security/advance-auto-parts-data-breach-impacts-23-million-people/\r\nPage 4 of 4", "extraction_quality": 1, "language": "EN", "sources": [ "ETDA" ], "origins": [ "web" ], "references": [ "https://www.bleepingcomputer.com/news/security/advance-auto-parts-data-breach-impacts-23-million-people/" ], "report_names": [ "advance-auto-parts-data-breach-impacts-23-million-people" ], "threat_actors": [ { "id": "d99090fb-318c-46a2-a1b6-9e89ec61a6d8", "created_at": "2024-06-19T02:00:04.375337Z", "updated_at": "2026-04-10T02:00:03.652523Z", "deleted_at": null, "main_name": "Sp1d3r", "aliases": [], "source_name": "MISPGALAXY:Sp1d3r", "tools": [], "source_id": "MISPGALAXY", "reports": null } ], "ts_created_at": 1775434123, "ts_updated_at": 1775826730, "ts_creation_date": 0, "ts_modification_date": 0, "files": { "pdf": "https://archive.orkl.eu/994686dcb6b8f24a1024010ef8164488a4768463.pdf", "text": "https://archive.orkl.eu/994686dcb6b8f24a1024010ef8164488a4768463.txt", "img": "https://archive.orkl.eu/994686dcb6b8f24a1024010ef8164488a4768463.jpg" } }