Share this article on:
Employees of the US’ largest home improvement retailer, Home Depot, have had their data exposed after a third-party vendor used by the retailer suffered a data breach.
A database containing the data of over 10,000 of Home Depot’s 475,000 staff was posted to the notorious BreachForums hacking forum by infamous leaker IntelBroker.
“Today, I have uploaded the Homedepot.com database for you to download, thanks for reading and enjoy!” wrote IntelBroker on BreachForums.
According to the listing, the data included employees’ full names and email addresses and can be downloaded for only four BreachForum credits, an earnable currency that users can get through posting to the site, encouraging them to contribute.
Speaking with BleepingComputer, Home Depot confirmed that it was aware of the attack and that the data was exposed on accident by one of its third-party software-as-a-service (SaaS) vendors after it fell for a phishing attack.
“A third-party software-as-a-service (SaaS) vendor inadvertently made public a small sample of Home Depot associates’ names, work email addresses and user IDs during testing of their systems,” said a spokesperson.
While no financial or banking information was leaked, threat actors who accessed the data could use it to launch new attacks or commit fraud to then gain access to affected individuals finances, or further breach the company’s network.
IntelBroker is known for targeting major organisations and government agencies, most recently having breached a US federal government contractor and leaked “documents belonging to the Five Eyes intelligence group”, according to the threat actor on BreachForums.
“This data was obtained by breaching into Acuity Inc, a company that works directly with the US government and its allies,” the threat actor said.
According to IntelBroker, who is reportedly one of three hackers behind the breach, alongside “Sanggiero” and “EnergyWeaponUser”, exfiltrated data includes full names, emails, office numbers, personal mobile numbers, government, military and Pentagon email addresses and “classified information and communications between the 5 eyes, 14 eyes and the US’s allies”.
The US Department of State is aware of the breach and has launched an investigation into the attack.
“The department is aware of claims that a cyber incident has occurred and is currently investigating,” a spokesperson for the State Department told BleepingComputer.
“The department takes seriously its responsibility to safeguard its information and continuously takes steps to improve the department’s cyber security posture.
“For security reasons, we will not provide details on the nature and scope of the claim.”
Prior to this, IntelBroker launched attacks on T-Mobile, Facebook Marketplace, General Electric, the US Citizenship and Immigration Services (USCIS) and DC Health Link.