New Snowflake Data Breach Exposes Millions of Customers

More information has come to light about another significant data breach targeting Snowflake customers. The cloud computing-based data company has come under scrutiny recently due to multiple attacks targeting its customers, citing the lack of proper security practices.

This time around, Advance Auto Parts has revealed that over 2 million customers’ data might have been compromised.

According to a filing with the Vermont Attorney General’s Office, Advance Auto Parts discovered on May 23 that an unauthorized third party had accessed some of the data stored in Snowflake, their cloud storage and data warehousing provider.

“We began an investigation to determine the nature and scope of the incident with the support of third-party experts, and took measures to contain the incident and terminate the unauthorized access,” the filing said. “Our investigation determined that an unauthorized third party accessed or copied certain information maintained by Advance Auto Parts (from April 14 to May 24). We conducted a detailed review and analysis of the affected information to determine the types of information contained therein and to whom the information relates. This review was completed on June 10, 2024.”

Scope and impact

This news comes on the heels of reports about other data breaches involving Snowflake clients, including major players like Ticketmaster, Santander Bank, and Neiman Marcus Group, which have heightened the risk of exposure for affected customers. The wave of data theft attacks is believed to involve the use of stolen passwords.

In a breach notice posted Wednesday by the Maine attorney general’s office, Advance Auto Parts revealed that over 2.3 million individuals were impacted by an April attack on its Snowflake deployment. The stolen customer data may include names, Social Security numbers, and driver’s license numbers, according to the company.

Company response and security measures

“Upon learning of the incident, we promptly terminated the unauthorized access and took proactive measures aimed at preventing future unauthorized access,” the company said. “We also notified law enforcement. In addition, we continue to work with third-party cybersecurity experts to take steps to further harden our systems and emerge from this incident an even more secure organization.”

According to Mandiant researchers, a cybercriminal group is “suspected of stealing a large volume of records from Snowflake customer environments.” They confirmed that the affected accounts did not have multifactor authentication (MFA) enabled.

Wider implications and expert insights

In a blog post on Tuesday, Snowflake announced that administrators can now require MFA for users and monitor compliance. “To help drive MFA adoption, we’re taking steps to promote individual compliance for Snowflake users,” the company stated in the post.

Indeed, MFA is generally considered the gold standard for cybersecurity. Experts strongly recommended implementing it to protect users from threats, stressing that not doing so can leave a gaping hole in defenses, one that attackers can easily squeeze through and exploit.

“The absence of basic cyber hygiene by any provider can result in catastrophic consequences throughout a supply chain that affect the bottom line of countless customers,” said Dawn Sizer, CEO of 3rd Element Consulting. “The lack of accountability and consequences has to stop – it has become the norm with no end in sight. U.S. businesses (all of them, really) must be held responsible and liable for damages they do to other businesses when they fail to adhere to the bare minimum of security standards, or neglect to do due diligence on their products.”

Read more about how the recent Snowflake breaches have underscored the critical importance of robust and proactive security measures such as MFA.