Nearly 300,000 customer records from Home Depot, representing about 10,000 individuals, were acquired by a hacker in 2020 and are now being offered for free on the dark web.
Cyberint, an Israeli firm with offices in the U.S., the UK, France and Singapore, said a threat actor recently began offering 299,354 customer records, comprised of multiple bits of information from each individual. It was likely used to gain credibility and move up the ranks as a source of valuable material on the dark web.
Customer information being offered include details such as addresses, phone numbers, delivery records, brands purchased and orders, according to Cyberint. It was offered recently on a dark web marketplace called Breached.co, which has sprung up as the heir apparent to RaidForums. That notorious site, which the Department of Justice called “one of the world’s largest hacker forums,” was seized by the FBI in February and shut down in April.
“This is an old issue and has been fully investigated,” said Home Depot spokesperson Margaret Smith. “No sensitive financial or personal data like social security numbers, credit card numbers or bank account details were involved. We take our responsibility to protect customer information extremely seriously.”
Cyberint CEO Yochai Corem said while none of that information on Home Depot customers was shared, what was available could still be used by fraudsters to pursue victims.
“While the data does not include credit card or bank details, threat actors are able to use names and email addresses for further attacks, which could include phishing or fraud,” Corem said. “With the use of this data, they’re able to gain trust from the retailer’s customers, coercing them into acting in a particular way, for instance, giving up bank details or clicking corrupted links.”
Fraudsters can also use the data the other way, he said, using it to “verify” themselves as a valid customer and have the retailer redirect an order to another address.
Corem said it’s not unusual for customer records to show up this long after a breach, as fresh data is initially sold exclusively to specific buyers, then offered for free. “They can’t monetize them further, so they use them to increase their reputation among other threat actors,” he said.