Security News > 2020 > October > Home Depot Confirms Data Breach in Order Confirmation SNAFU

Home Depot has exposed the private order confirmations of hundreds of Canadian consumers, containing names, physical addresses, email addresses, order details and partial credit-card information.

After customers began reporting that they had received hundreds of emails from the home-improvement giant, each containing an order confirmation for a stranger, the company confirmed the issue.

One affected customer posted a screenshot of his inbox on Twitter, filled with random people's order confirmations, tweeting: "Hey um I'm pretty sure I received a reminder email for literally every online order that is currently ready for pick up at literally every Home Depot store in Canada. There are 660+ emails. Something has gone wrong."

"The data release from some of Home Depot's customers in Canada is unusual, in that the breach seems to be the result of an internal system error rather than an external attack," Saryu Nayyar, CEO at Gurucul, said via email.

"Still, releasing home and email addresses and recent order confirmations could be gold for a malicious actor. Personal information like that can be leveraged into a convincing phishing email, which could lead to the affected customers becoming victims."

News URL

https://threatpost.com/home-depot-data-breach-order-confirmation/160728/