House Depot confirms third-party information breach uncovered worker data

House Depot has confirmed that it suffered an information breach after one among its SaaS distributors mistakenly uncovered a small pattern of restricted worker information, which might probably be utilized in focused phishing assaults.

House Depot is the most important house enchancment retailer, with greater than 2,300 shops in North America and over 475,000 workers.

On Thursday, a menace actor referred to as IntelBroker leaked restricted information for about 10,000 House Depot workers on a hacking discussion board.

“In April 2024, Home Depot suffered a data breach that exposed the corporate information belonging to 10K employees of the company,” reads the discussion board publish.

The Home Depot data leaked on a hacking forum
The House Depot information leaked on a hacking discussion board
Supply: BleepingComputer

After BleepingComputer contacted House Depot, the corporate confirmed that one among its third-party SaaS distributors mistakenly uncovered pattern worker information.

“A third-party Software-as-a-Service (SaaS) vendor inadvertently made public a small sample of Home Depot associates’ names, work email addresses and User IDs during testing of their systems,” House Depot informed BleepingComputer.

Whereas this information will not be extremely delicate, exposing solely company IDs, names, and electronic mail addresses, it might be utilized by menace actors to conduct focused phishing assaults in opposition to House Depot workers.

These phishing assaults might be designed to assemble extra delicate data, comparable to House Depot credentials, which might then be offered to different menace actors or used to breach the corporate’s community to steal company information or deploy ransomware.

Because of this, all House Depot workers must be cautious of any emails containing hyperlinks to pages that request company credentials or different data. If one among these emails is acquired, it must be reported to the corporate’s IT workers, who can confirm whether or not it’s authentic.

​IntelBroker is a widely known menace actor who first gained notoriety by breaching DC Well being Hyperlink, a corporation that administers the well being care plans of U.S. Home members, their workers, and their households.

The incident resulted in widespread media consideration and a congressional listening to after the information for 170,000 affected people, together with members and workers of the U.S. Home of Representatives, was leaked.

Different cybersecurity incidents linked to IntelBroker are the breaches of PandaBuy, Acuity, Hewlett Packard Enterprise (HPE) and the Weee! grocery service, in addition to an alleged breach of Common Electrical Aviation.

Recent articles

Hackers Use Microsoft MSC Information to Deploy Obfuscated Backdoor in Pakistan Assaults

î ‚Dec 17, 2024î „Ravie LakshmananCyber Assault / Malware A brand new...

INTERPOL Pushes for

î ‚Dec 18, 2024î „Ravie LakshmananCyber Fraud / Social engineering INTERPOL is...

Patch Alert: Essential Apache Struts Flaw Discovered, Exploitation Makes an attempt Detected

î ‚Dec 18, 2024î „Ravie LakshmananCyber Assault / Vulnerability Risk actors are...

LEAVE A REPLY

Please enter your comment!
Please enter your name here