IntelBroker has claimed The Home Depot data breach today. The Home Depot data leak allegedly exposes sensitive information belonging to its employees. The intrusion has seen the release of a database containing the personal details of approximately 10,000 The Home Depot employees.
The leaked information, including full names and email addresses of the employees, fosters an emergency situation with risks such as spear-phishing attacks and identity theft. The authenticity of the leaked data has not been officially confirmed, however, Home Depot says that a third-party Software-as-a-Service (SaaS) is responsible for the data breach.
Decoding The Home Depot Data Breach
The Home Depot breach appears to have affected a subset of The Home Depot’s vast workforce, with the leaked data showing a snapshot of user accounts categorized under “accounts.user.”
These accounts typically include email addresses, usernames, and unique account IDs. The consistent format of the email addresses suggests that many of the compromised accounts are internal ones, likely belonging to The Home Depot employees.
The Home Depot, renowned as the largest home improvement retailer in the United States, operates thousands of stores across the country. While the sample data provided by the threat actor represents only a fraction of its total workforce, the breach could be worse than it appears since IntelBroker, a prominent dark web hacker, has claimed the attack.
The Cyber Express has reached out to the organization to learn more about The Home Depot data leak claims. A spokesperson for Home Depot confirmed the data breach, however, the organization blamed a third-party Software-as-a-Service (SaaS) vendor for the data leak, stating, “A third-party Software-as-a-Service (SaaS) vendor inadvertently made public a small sample of Home Depot associates’ names, work email addresses and User IDs during testing of their systems.”
Moreover, upon closer inspection, TCE found that the names and email addresses in the sample data do belong to the employees of the The Home Depot, ranging from employees who’ve been working with The Home Depot from the last 10 years to as new as 1 year 8 months.
The breach announcement was made on the dark web forum BreachForums. Alongside claims of breaching The Home Depot’s database, the threat actor denoted, “Today, I have uploaded the Homedepot.com database for you to download, thanks for reading and enjoy!.”
This is an ongoing story and The Cyber Express will be closely monitoring the situation. We’ll update this post once we have more information on The Home Depot data. Moreover, this isn’t the first time The Home Depot was targeted in a cyberattack. There have been several instances of hackers targeting the home improvement retailer.
The Home Depot and its History with Cyberattacks
In 2020, The Home Depot Inc. settled a $17.5 million agreement with 46 U.S. states and Washington, D.C., regarding a 2014 data breach. Hackers accessed payment card data of 40 million customers from April to September 2014, targeting self-checkout terminals in U.S. and Canadian stores.
Using a vendor’s credentials, hackers infiltrated The Home Depot’s network, deploying custom malware to access payment card details. Additionally, around 52 million email addresses were exposed. Although The Home Depot denied liability, the settlement mandated hiring a chief information security officer and enhancing security measures.
Connecticut, Illinois, and Texas led the probe, emphasizing companies’ duty to safeguard customer data. The Home Depot stressed its commitment to security since 2014, having invested heavily in system security.
The breach led to $198 million in pretax expenses and resolved litigation from affected parties. Suspected to be linked to Russian and Ukrainian hackers responsible for other major breaches, The Home Depot incident was one of the biggest breaches of that year.
Comparatively, the breach may be the largest on record, potentially affecting 60 million credit card numbers. The Home Depot assures affected customers won’t bear liability for fraudulent charges, offering identity protection and credit monitoring services since April 2014.
Who is IntelBroker Hacker?
IntelBroker, a mysterious figure in cybersecurity known for high-profile cyberattacks, has remained unknown despite gaining notoriety for targeting various organizations. Speculation surrounding IntelBroker’s actions initially suggested the involvement of a skilled team, but an exclusive interview with The Cyber Express revealed that the hacker operates solo, dispelling this notion.
The motive behind IntelBroker’s attacks remains uncertain, with potential motivations ranging from financial gain to sowing disruption across sectors. The interview offered insights into IntelBroker’s hacking journey, addressing misconceptions and detailing affiliations with CyberNiggers.
IntelBroker’s activities, which emerged in October 2022, have included breaches at organizations like Weee, Los Angeles International Airport, and Acuity, among others. Despite the hacker’s success, challenges such as breaching seemingly secure systems, encountering underestimations of cybersecurity threats, and advocating for transparency in incident reporting.
Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.
