Security News > 2020 > October > Home Depot blunder emails customer order info to strangers

Home Depot blunder emails customer order info to strangers
2020-10-28 17:53

Today multiple reports have emerged from Home Depot customers in Canada stating that the company had sent them hundreds of emails containing order information of strangers.

The emails obtained by BleepingComputer reveal information such as the customer's name, order number along with QR code, pick-up store address-or in some cases the customer's home address, items in the order, and payment receipt containing the last 4 digits of the payment card number.

"In some cases it's possible to match up the first name with an email address from the to line. In theory it's possible to pick up these people's orders using the order number/QR code, since Home Depot doesn't always check ID for customers when they show up for curbside pick-up. Quite a blunder!".

Bethanyfrances' concern has merit to it considering her private information, including home address and partial payment card information was leaked to hundreds of strangers CC'd in the email she had received from Home Depot.

Receiving not a few-but hundreds of emails with full names, home addresses, email addresses, partial payment card numbers, and order info of random strangers would ring anyone's alarm bells.


News URL

https://www.bleepingcomputer.com/news/security/home-depot-blunder-emails-customer-order-info-to-strangers/