Powered by MOMENTUM MEDIA
cyber daily logo
Breaking news and updates daily. Subscribe to our Newsletter

Home Depot employee data exposed after third-party vendor breached

Employees of the US’ largest home improvement retailer, Home Depot, have had their data exposed after a third-party vendor used by the retailer suffered a data breach.

user icon Daniel Croft
Mon, 08 Apr 2024
Home Depot employee data exposed after third-party vendor breached
expand image

A database containing the data of over 10,000 of Home Depot’s 475,000 staff was posted to the notorious BreachForums hacking forum by infamous leaker IntelBroker.

“Today, I have uploaded the Homedepot.com database for you to download, thanks for reading and enjoy!” wrote IntelBroker on BreachForums.

According to the listing, the data included employees’ full names and email addresses and can be downloaded for only four BreachForum credits, an earnable currency that users can get through posting to the site, encouraging them to contribute.

============
============

Speaking with BleepingComputer, Home Depot confirmed that it was aware of the attack and that the data was exposed on accident by one of its third-party software-as-a-service (SaaS) vendors after it fell for a phishing attack.

“A third-party software-as-a-service (SaaS) vendor inadvertently made public a small sample of Home Depot associates’ names, work email addresses and user IDs during testing of their systems,” said a spokesperson.

While no financial or banking information was leaked, threat actors who accessed the data could use it to launch new attacks or commit fraud to then gain access to affected individuals finances, or further breach the company’s network.

IntelBroker is known for targeting major organisations and government agencies, most recently having breached a US federal government contractor and leaked “documents belonging to the Five Eyes intelligence group”, according to the threat actor on BreachForums.

“This data was obtained by breaching into Acuity Inc, a company that works directly with the US government and its allies,” the threat actor said.

According to IntelBroker, who is reportedly one of three hackers behind the breach, alongside “Sanggiero” and “EnergyWeaponUser”, exfiltrated data includes full names, emails, office numbers, personal mobile numbers, government, military and Pentagon email addresses and “classified information and communications between the 5 eyes, 14 eyes and the US’s allies”.

The US Department of State is aware of the breach and has launched an investigation into the attack.

“The department is aware of claims that a cyber incident has occurred and is currently investigating,” a spokesperson for the State Department told BleepingComputer.

“The department takes seriously its responsibility to safeguard its information and continuously takes steps to improve the department’s cyber security posture.

“For security reasons, we will not provide details on the nature and scope of the claim.”

Prior to this, IntelBroker launched attacks on T-Mobile, Facebook Marketplace, General Electric, the US Citizenship and Immigration Services (USCIS) and DC Health Link.

Daniel Croft

Daniel Croft

Born in the heart of Western Sydney, Daniel Croft is a passionate journalist with an understanding for and experience writing in the technology space. Having studied at Macquarie University, he joined Momentum Media in 2022, writing across a number of publications including Australian Aviation, Cyber Security Connect and Defence Connect. Outside of writing, Daniel has a keen interest in music, and spends his time playing in bands around Sydney.

newsletter
cyber daily subscribe
Be the first to hear the latest developments in the cyber industry.