Advance Auto Parts data breach (2024) — what was exposed and what to do

What happened

According to public breach records, the Advance Auto Parts data breach on June 5, 2024 is reported to have exposed the personal information of 79,243,727 accounts.

In June 2024, Advance Auto Parts confirmed they had suffered a data breach which was posted for sale to a popular hacking forum. Linked to unauthorised access to Snowflake cloud services, the breach exposed a large number of records related to both customers and employees. In total, 79M unique email addresses were included in the breach, alongside names, phone numbers, addresses and further data attributes related to company employees.

In June 2024 Advance Auto Parts confirmed a data breach stemming from unauthorized access to its Snowflake cloud-data account; the attackers (tracked by Mandiant as UNC5537) used login credentials previously stolen by infostealer malware rather than exploiting any flaw in Snowflake itself. Unauthorized access ran from roughly April 14 to May 24, 2024 and the company learned of it on May 23, 2024. A dataset of approximately 79.2 million unique email addresses—alongside names, phone numbers and physical addresses—was subsequently posted for sale on a popular hacking forum, making it one of the larger exposures tied to the wider 2024 Snowflake-customer attack campaign. ["Treat unsolicited emails, texts, or calls referencing Advance Auto Parts, your orders, or your account as potential phishing—your address, phone number, and email were exposed together, which lets scammers craft convincing personalized messages.", "Do not click links or call numbers from messages claiming to be Advance Auto Parts; navigate to the official site directly or use a number from your receipt or card statement.", "Be alert for mail and phone-based fraud that uses your real home address and name to appear legitimate, and verify any 'account problem' or 'refund' request through an official channel before responding.", "Consider using email aliases or filtering for unfamiliar senders, since this email list is circulating publicly and may drive an increase in spam and targeted phishing."]

What data was exposed

The following types of personal data were compromised:

• Email addresses
• Names
• Phone numbers
• Physical addresses

Breach details

This summary is compiled from public breach-notification data and known leak databases. Figures reflect what those sources report and may be revised as more is learned. If something here looks wrong or you think your information is involved, contact our support team.

We report breaches as a factual record to help people check their exposure. Inclusion here is not an allegation of wrongdoing or negligence by Advance Auto Parts; it reflects a publicly reported security incident.

What to do now

Based on the data exposed in this breach, here are the steps you should take:

• Treat unsolicited emails, texts, or calls referencing Advance Auto Parts, your orders, or your account as potential phishing—your address, phone number, and email were exposed together, which lets scammers craft convincing personalized messages.
• Do not click links or call numbers in messages claiming to be from Advance Auto Parts; navigate to the official site directly or use a number from your receipt or card statement.
• Watch for mail and phone-based fraud that uses your real home address and name to appear legitimate, and verify any account, refund, or delivery problem through an official channel before responding.
• Since this email list is circulating publicly, expect more spam and targeted phishing; consider filtering unfamiliar senders or using email aliases going forward.

Check your exposure

Data breaches are one of the ways your personal information ends up on data broker sites. Run a free scan to see which sites are exposing your personal data — and take action to remove it.

Sources

• Have I Been Pwned: Advance Auto Parts Data Breach
• Snowflake-linked attack on Advance Auto Parts exposes 2.3 million people | Cybersecurity Dive