Home Depot Confirms Data Breach After Employee Info Appears on Hacker Forum | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #hacker

Home Depot has confirmed the data of around 10,000 employees was exposed and published online, BleepingComputer reports.

The data includes corporate IDs, names, and email addresses, which could be used for targeted phishing attempts on the employees in order to gain access to Home Depot’s network.

The data did not come directly from Home Depot’s systems. Instead, a third-party software provider appears to have accidentally made it public. A hacker who goes by the moniker IntelBroker found it and then published it on a site called BreachForums.

“Today, I have uploaded the database for you to download, thanks for reading and enjoy!” IntelBroker wrote on the post, shown below. IntelBroker is a repeat offender who also claimed responsibility for the March 2023 DC Health link breach affecting 170,000 US lawmakers.

Home Depot confirmed in a statement that “a third party Software-as-a-Service (SaaS) vendor inadvertently made public a small sample of Home Depot associates’ names, work email addresses and User IDs during testing of their systems,” according to BleepingComputer and The Register.

Recommended by Our Editors

The attack demonstrates the vulnerabilities large corporations face when providing sensitive data to third-party suppliers, over which they do not have day-to-day control. Home Depot claims to be the world’s largest home improvement retailer, with thousands of stores, a large online business, and around 500,000 total employees, according to Zippia’s estimates.

Like What You’re Reading?

Sign up for SecurityWatch newsletter for our top privacy and security stories delivered right to your inbox.

This newsletter may contain advertising, deals, or affiliate links. Subscribing to a newsletter indicates your consent to our Terms of Use and Privacy Policy. You may unsubscribe from the newsletters at any time.

var facebookPixelLoaded = false;
window.addEventListener(‘load’, function() {
document.addEventListener(‘scroll’, facebookPixelScript);
document.addEventListener(‘mousemove’, facebookPixelScript);

function facebookPixelScript() {
if (!facebookPixelLoaded) {
facebookPixelLoaded = true;
document.removeEventListener(‘scroll’, facebookPixelScript);
document.removeEventListener(‘mousemove’, facebookPixelScript);

! function(f, b, e, v, n, t, s) {
if (f.fbq) return;
n = f.fbq = function() {
n.callMethod ?
n.callMethod.apply(n, arguments) : n.queue.push(arguments)
if (!f._fbq) f._fbq = n;
n.push = n;
n.loaded = !0;
n.version = ‘2.0’;
n.queue = [];
t = b.createElement(e);
t.async = !0;
t.src = v;
s = b.getElementsByTagName(e)[0];
s.parentNode.insertBefore(t, s)
document, ‘script’, ‘//’);

fbq(‘init’, ‘454758778052139’);
fbq(‘track’, “PageView”);


Click Here For The Original Story From This Source.


National Cyber Security