Daily Local News (West Chester, PA)
Worker data leaked
Private information for about 10,000 Home Depot employees has been leaked onto a website used by internet hackers, according to the company and reporting by a number of tech industry news organizations.
The leak was accidental and was caused by a software vendor, said Beth Marlowe, a Home Depot spokeswoman.
“A third-party software-as-a-service vendor inadvertently made public a small sample of Home Depot associates’ names, work email addresses and User IDs during testing of their systems,” she said. “It was not some breach of our system.”
The vendor’s mistake was leaving the information visible on the web for others to see. It was retrieved by a hacker known as IntelBroker, who then posted the data on the illicit forum BreachForums, according to Cybernews.
IntelBroker said it had the data for 10,000 Home Depot employees. The company declined to confirm that number, but said it was “a small sample.”
While this data is not highly sensitive, exposing only corporate IDs, names, and email addresses, it could be used by threat actors to conduct targeted “phishing” attacks against Home Depot employees, CyberNews said.
That kind of data can be used to launch waves of messages to unsuspecting consumers in an effort to get them to provide more sensitive information, such as Home Depot credentials, which could then be sold to others who might use the information to breach the company’s network and steal corporate data or deploy ransomware.
The company said it has taken steps to tighten security against any misuse of the data.