Leaked database with 10K Home Depot employees roaming the wild


A database, allegedly containing the data of 10,000 Home Depot employees, has been posted by the malicious actor IntelBroker on the illicit forum BreachForums. The leaked emails and full names could be used for spear-phishing and other attacks.

The sample provided by hackers includes full names and email addresses. The Cybernews research team could not confirm the authenticity of the data. However, the leaked records appear to match with Home Depot employee social media profiles.

“In April 2024, Home Depot suffered a data breach that exposed the corporate information belonging to 10K employees of the company. Compromised data: full names and email addresses,” the hacker claims.

Home Depot is the largest home improvement retailer in the US, operating 2,300 stores. The company had 490,000 employees in 2021 – the leaked database only contains a small percentage of the total headcount.

“A third-party Software-as-a-Service (SaaS) vendor inadvertently made public a small sample of Home Depot associates’ names, work email addresses and User IDs during testing of their systems,” Home Depot spokesperson told Cybernews.

hd-leak

“While the leaked data may not be as sensitive as other types of information, it can still be used by threat actors in social engineering and phishing attacks to gain more sensitive information such as login credentials and financial data, or to distribute malware on employees' devices, which can further compromise security,” the Cybernews research team said.

The malicious actor IntelBroker has been particularly active recently. It has breached the popular global shopping platform PandaBuy, and stolen data from General Electric, the US Citizenship and Immigration Services (USCIS), US cellular carriers, and Facebook Marketplace.

Updated on April 8th [06:50 a.m. GMT] with a statement from Home Depot.


More from Cybernews:

Parental control app exposes live GPS locations of kids on internet

Major data leak hits 700,000 Estonians

X restores blue checks to influential accounts

Offline settings for Google’s Find My Device coming soon

Google refutes lax election ad check claims on YouTube

Subscribe to our newsletter



Leave a Reply

Your email address will not be published. Required fields are markedmarked