Leaked database with 10K Home Depot employees roaming the wild


A database, allegedly containing the data of 10,000 Home Depot employees, has been posted by the malicious actor IntelBroker on the illicit forum BreachForums. The leaked emails and full names could be used for spear-phishing and other attacks.

The sample provided by hackers includes full names and email addresses. The Cybernews research team could not confirm the authenticity of the data. However, the leaked records appear to match with Home Depot employee social media profiles.

“In April 2024, Home Depot suffered a data breach that exposed the corporate information belonging to 10K employees of the company. Compromised data: full names and email addresses,” the hacker claims.

ADVERTISEMENT

Home Depot is the largest home improvement retailer in the US, operating 2,300 stores. The company had 490,000 employees in 2021 – the leaked database only contains a small percentage of the total headcount.

“A third-party Software-as-a-Service (SaaS) vendor inadvertently made public a small sample of Home Depot associates’ names, work email addresses and User IDs during testing of their systems,” Home Depot spokesperson told Cybernews.

hd-leak

“While the leaked data may not be as sensitive as other types of information, it can still be used by threat actors in social engineering and phishing attacks to gain more sensitive information such as login credentials and financial data, or to distribute malware on employees' devices, which can further compromise security,” the Cybernews research team said.

The malicious actor IntelBroker has been particularly active recently. It has breached the popular global shopping platform PandaBuy, and stolen data from General Electric, the US Citizenship and Immigration Services (USCIS), US cellular carriers, and Facebook Marketplace.

Updated on April 8th [06:50 a.m. GMT] with a statement from Home Depot.

ADVERTISEMENT