Home Depot exposes thousands of customers online

Names, addresses, and other personal information were posted to HomeDepot.com without encryption You may recall that a few years ago hacke...

Names, addresses, and other personal information were posted to HomeDepot.com without encryption

You may recall that a few years ago hackers gained access to the credit card information of 56 million Home Depot customers. Well, Home Depot has suffered another data breach. However, this time it was not hackers that were to blame. According to Consumerist, whoever designed and manages its website posted customer information on the HomeDepot.com domain without any encryption or any other sort of protection. The data was completely exposed and indexed by search engines.

The compromised information consisted of 13 spreadsheets containing full names, addresses, phone numbers, and email addresses of around 8,000 customers. The documents were apparently part of Home Depot’s installation complaint department as the spreadsheets also contained detailed complaint information such as what was installed (countertop, tile, etc.), the reason for the complaint, and the customer service agent that handled the complaint. There was also at least one facsimile containing the name, address, and signature of a client.

It is unknown how long the data had been exposed, and HomeDepot has since removed it and issued a statement.

“The information was out there, and as hard as it would have been for anyone to find, it shouldn’t have been [out there]. This was an inadvertent human error that we addressed as soon as we discovered it. Although the data was low-risk and not the type of information commonly used for fraud or identity theft, we take the matter very seriously.”

The fact that someone indeed found it and that the information was indexed by each engines (see image), flies in the face of Home Depot’s stance that the information was hard to find. However, since the documents contained no credit card, bank account, or Social Security numbers, it is legally not considered a data breach.

Home Depot and the law looks at the data that was exposed as no more than what someone would find in a telephone book. However, as Consumerist points out, the data also contained transaction information. Looking up a name in a directory is not going to reveal where a person has conducted business and what goods and services they purchased. Nor will it tell what problems they had with the product or service.

A scammer skilled in social engineering, which most are, could do a lot with those Home Depot spreadsheets. Posing as someone from Home Depot might not be that easy. However, when armed with specific information, not only about the customer but about what they had installed and what problems they had with the installation, scammers can use the information to sound very convincing. When posing as a customer service representative, what other information could a malicious party get from the victim?

Home Depot says that they are not going to contact clients who were on the documents as they believe it will open them up to phishing scams, which is a valid concern. Instead, they are asking that customers concerned about their privacy call Home Depot Customer Service.

Screenshot by Consumerist


http://www.techspot.com/news/69132-home-depot-exposes-thousands-customers-online.html
Name

English News techspot.com
false
ltr
item
Techno - Gampong IT - Reference Information Technology: Home Depot exposes thousands of customers online
Home Depot exposes thousands of customers online
http://www.techspot.com/images2/news/bigimage/2017/04/2017-04-28-image-12.jpg
Techno - Gampong IT - Reference Information Technology
http://techno.gampongit.com/2017/04/home-depot-exposes-thousands-of.html
http://techno.gampongit.com/
http://techno.gampongit.com/
http://techno.gampongit.com/2017/04/home-depot-exposes-thousands-of.html
true
7281475864779722461
UTF-8
Tidak ditemukan artikel apapun LIHAT SEMUA Selengkapnya Balas Batal Balas Hapus Oleh Beranda HALAMAN ARTIKEL Lihat Semua REKOMENDASI LABEL ARSIP SEARCH SEMUA ARTIKEL Tidak ditemukan posting yang sesuai dengan permintaan Anda Halaman Utama Minggu Senin Selesa Rabu Kamis Jumat Sabtu Min Sen Sel Rab Kam Jum Sab Januari Februari Maret April Mei Juni Juli Agustus September Oktober November Desember Jan Feb Mar Apr Mei Jun Jul Agu Sep Okt Nov Des baru saja 1 menit lalu $$1$$ minutes ago 1 jam lalu $$1$$ hours ago Kemarin $$1$$ days ago $$1$$ weeks ago lebih dari 5 minggu yang lalu Pengikut Ikuti KONTEN PREMIUM Silakan share untuk membuka Salin Semua Code Pilih Semua Code Semua kode disalin ke clipboard Anda Tidak dapat menyalin kode/teks, silakan tekan [CTRL] + [C] (atau CMD + C dengan Mac) untuk menyalin