Home Depot has formally revealed that a third-party data breach caused by one of its SaaS partners affected a "small" number of sensitive employee records. The incident apparently occurred when the SaaS vendor accidentally exposed the data.
Home Depot is North America's largest home improvement retailer, with over 2,300 stores and 475,000 employees. On Thursday, a threat actor, IntelBroker, leaked restricted data for around 10,000 Home Depot employees through a hacker forum.
According to the forum post, Home Depot experienced a data breach in April 2024, which exposed the corporate information of 10,000 of its employees.
(Photo: Jefferson Santos from Unsplash) Cybercriminals are becoming smarter in bypassing multi-factor authentication (MFA) through their social engineering techniques.
The corporation admitted that one third-party SaaS provider inadvertently released sample employee data. The exposed data comprises a small sample of Home Depot associates' names, work email addresses, and User IDs obtained during system testing.
While this data is not very sensitive, revealing merely company IDs, names, and email addresses, threat actors might use it to launch targeted phishing attacks on Home Depot workers.
According to sources, despite being unable to authenticate the data, the disclosed details appear to be consistent with Home Depot employee social network profiles.
Read Also: SurveyLama Alarmed Over Data Breach of 4.4 Million Users
IntelBroker Data Breach
While Home Depot's consumer base is unaffected, IntelBroker has reportedly gained attention for its concentration on high-profile targets in the United States.
Their most recent reported intrusions include infiltrating Acuity, Inc., a federal contractor headquartered in Reston, Virginia, and stealing extremely sensitive data from the United States. Citizenship and Immigration Services (USCIS) and U.S. Immigrant and Customs Enforcement (ICE).
The US government first disputed the data breach, but it was recognized (albeit not validated) on April 3, 2024, when the IntelBroker hacker published the whole dataset to prove its authenticity. As a result, the US Department of Justice has launched an inquiry into the situation.
Although the hacker's name and affiliations are unknown, the US government has accused IntelBroker of being the alleged perpetrator of one of the T-Mobile data thefts.
Furthermore, IntelBroker has a history of targeting prominent entities in the United States, with previous breaches affecting institutions such as the Los Angeles International Airport, US Department of Defense documents, staffing firm Robert Half, and most notoriously, Facebook Marketplace's database.
Facebook Data Breach
IntelBroker leaked 200,000 Facebook Marketplace user data, including names, phone numbers, email addresses, Facebook IDs, and profile details, last February.
The threat actor says that in October 2023, someone using the Discord moniker 'algoatson' infiltrated the networks of a Meta contractor to obtain this section of the Facebook Marketplace database.
IntelBroker concealed the name of the contractor who was allegedly targeted. It is important to note that Facebook does not manage all Facebook Marketplace data through a single contractor organization. Instead, depending on the data aspect, they use a combination of external partners and internal teams.
Related Article: Cyber Safety Review Board Blames Microsoft's "Inadequate" Security for 2023 Data Breach
