Credential theft
Advance Auto Parts data breach via Snowflake (UNC5537)
Incident Details
UNC5537 accessed Advance Auto Parts’ Snowflake environment between April 14 and May 24, 2024. The breach was disclosed on July 10 via a Maine AGO notification and affected 2.3 million current and former employees and job applicants. Exposed data: names, SSNs, driver’s licence numbers, dates of birth. A $10 million class action settlement was reached. The incident was part of the broader Snowflake campaign affecting 165+ organisations.
Technical Details
- Initial Attack Vector: CWE-307: Improper Restriction of Excessive Authentication Attempts (stolen credentials reused against Snowflake tenant with no MFA)
- Vendor / Product: Snowflake cloud data platform / Advance Auto Parts
Timeline
- 2024-04-14 Breach occurred
- 2024-07-10 Publicly disclosed
- 2024-07-10 Customers notified