Home Depot confirms worker data leak after miscreant dumps info online

SaaS slip up leads to scumbags seeking sinecure

Home Depot has confirmed that a third-party company accidentally exposed some of its employees' personal details after a criminal copy-pasted the data online.

In a statement to The Register, Home Depot spokesperson Beth Marlowe said: "A third-party SaaS vendor inadvertently made public a small sample Home Depot associates' names, work email addresses and User IDs during testing of their systems."

Marlowe declined to say how many employees were affected, name the third-party vendor, nor answer our additional questions about the data theft. To us, it appears someone saw that sample on the public internet, grabbed it a copy, and leaked some or all of it on the dark web.

The retailer's disclosure comes after a crook who goes by the moniker IntelBroker shared the info on BreachForums. On Friday, they claimed to have made available a Home Depot database containing corporate information belonging to 10,000 employees from an attack this month. 

We should note: The Register has not verified the information. However, the Home Depot statement indicates that it's legitimate. 

And while the intrusion doesn't appear to have affected business operations, nor included financial and/or customers' data, the stolen employee details could be used to target Home Depot staff for credential theft, which could then be used to gain unauthorized access to more sensitive corporate systems and information.

The corporation, which claims to be the world's largest home improvement retailer, employs about 475,000 associates at more than 2,300 mega-stores across the US, Canada and Mexico. Home Depot's revenue for the 12-month period ending January 31 reached $152.7 billion, according to its financial statements.

IntelBroker is the same scumbag behind the theft of information belonging to the Pentagon and other national security agencies, which was then leaked last week.

This stolen data allegedly included names, email addresses, and office and personal cell phone numbers belonging to federal employees as well as classified and confidential communications and documents shared between the Five Eyes' intelligence agencies and other US allies. 

The State Department "is aware of claims that a cyber incident has occurred and is currently investigating," a spokesperson told The Register last Thursday. An IT supplier for the US military – the vendor from which IntelBroker grabbed the info – confirmed a cyberattack happened but denied any sensitive data was involved.

This particular digital thief has also claimed responsibility for a 2023 breach of servers run by DC Health Care Link, which administers Congressional healthcare plans, during which they stole members of Congress and staff's personal information and then offered it for sale on the dark web forum. ®

More about


Send us news

Other stories you might like