Home Depot Investigates Possible Credit Card Breach
American retailer Home Depot began an internal investigation after a report that customer data and card credentials were stolen from its systems and sold on black markets, according to security researcher Brian Krebs.
“I can confirm we are looking into some unusual activity and we are working with our banking partners and law enforcement to investigate,” Paula Drake, the company`s spokesperson said.
Multiple banks have indicated Home Depot may be the source of two new batches of stolen credit cards that went on sale on the underground marketplace rescator[dot]cc, on September 2nd.
“Home Depot offers clients two payments options, one via PayPal and another through its own system,” Bitdefender Online Threats Researcher Marius Doroftei said. “One technique hackers could have used to grab the data is through a vulnerability in https://secure2.homedepot.com, Home Depot’s own payment interface, however, since the site is SSL-secured, there is a higher probability they found a way to access the company`s storage facilities and steal the banking credentials.”
Amid US and European sanctions against Russia for its actions in Ukraine, the hypothesis of a politically motivated attack has not been excluded either. The retailed batches of stolen cards were labeled “American Sanctions” and “European Sanctions”. It appears the cards were issued by European banks and used in compromised US store locations.
Home Depot is also a preferred target of spammers who are overwhelming clients` Inboxes with fake promotional newsletters and pharmaceutical offers, Bitdefender warns. The latest spam campaign hides fraudulent links under the “amazing new opportunity” of a new window installation, offered to select subscribers looking to improve their homes.
The suspected breach may have occurred in late April or early May and could involve all 2,200 of the company`s stores in the U.S., Krebs said.
“Protecting our customers` information is something we take extremely seriously, and we are aggressively gathering facts at this point while working to protect customers. If we confirm that a breach has occurred, we will make sure customers are notified immediately,” Home Depot added.
This is the latest in a series of recent security incidents, after major financial institutions including JPMorgan Chase and allegedly four others, were hit by cyber-attacks.
The Holiday Guide to Tech Support: Fixing the Family Computer
November 24, 2021
Bitdefender Celebrates 20 Years of Cybersecurity Leadership
November 04, 2021
Bitdefender Study Reveals How Consumers Like (and Dislike) Managing Passwords
October 26, 2021
What are drive-by download attacks and how do you prevent them?
October 25, 2021
Criminals Can't Wait to Add Your IoT Device to Their DDoS Networks
October 22, 2021
Six in 10 Consumers Faced a Cyber Threat in 2021, New Bitdefender Study Reveals
October 20, 2021