[mc4wp_form id=”2320″]
Leaked Database
-
April 8, 2024
- Posted by: Evans Asare
No Comments
Leaked database
A database, allegedly containing the data of 10,000 Home Depot employees, has been posted by the malicious actor IntelBroker on the illicit forum BreachForums. The leaked emails and full names could be used for spear-phishing and other attacks.
The sample provided by hackers includes full names and email addresses. The Cybernews research team could not confirm the authenticity of the data. However, the leaked records appear to match Home Depot employee social media profiles.
What happened?
“In April 2024, Home Depot suffered a data breach that exposed corporate information belonging to 10,000 employees of the company. Compromised data: full names and email addresses,” the hacker claims.
Home Depot is the largest home improvement retailer in the US, operating 2,300 stores. The company had 490,000 employees in 2021 – the leaked database only contains a small percentage of the total headcount.
“A third-party Software-as-a-Service (SaaS) vendor inadvertently made public a small sample of Home Depot associates’ names, work email addresses and User IDs during testing of their systems,” Home Depot spokesperson told Cybernews.
“While the leaked data may not be as sensitive as other types of information, it can still be used by threat actors in social engineering and phishing attacks to gain more sensitive information, such as login credentials and financial data, or to distribute malware on employees’ devices, which can further compromise security,” the Cybernews research team said.
The malicious actor IntelBroker has been particularly active recently. It has breached the popular global shopping platform PandaBuy, and stolen data from General Electric, the US Citizenship and Immigration Services (USCIS), US cellular carriers, and Facebook Marketplace.
Confirmation Of the leaked data from Home Depot
Home Depot has confirmed that it suffered a data breach after one of its SaaS vendors mistakenly exposed a small sample of limited employee data, which could potentially be used in targeted phishing attacks.
