Nearly 300,000 customer records from Home Depot, acquired by a hacker in 2020, are now being offered for free on the dark web, according to a firm that tracks such activity.
Cyberint, an Israeli firm with offices in the U.S., the UK, France and Singapore, said a threat actor recently began offering a total of 299,394 customer records, likely as a way of gaining credibility and moving up the ranks as a source of valuable material on the dark web.
Customer information being offered include details such as addresses, phone numbers, delivery records, brands purchased and orders, according to Cyberint. It was offered recently on a dark web marketplace called Breached.co, which has sprung up as the heir apparent to RaidForums. That notorious site, which the Department of Justice called “one of the world’s largest hacker forums,” was seized by the FBI in February and shut down in April.
“This is an old issue and has been closed,” said Home Depot spokesperson Margaret Smith. “No sensitive financial or personal data like social security numbers, credit card numbers or bank account details were involved. We take our responsibility to protect customer information extremely seriously.”
Cyberint CEO Yochai Corem said while none of that information on Home Depot customers was shared, what was available could still be used by fraudsters to pursue victims.
“While the data does not include credit card or bank details, threat actors are able to use names and email addresses for further attacks, which could include phishing or fraud,” Corem said. “With the use of this data, they’re able to gain trust from the retailer’s customers, coercing them into acting in a particular way, for instance, giving up bank details or clicking corrupted links.”
Fraudsters can also use the data the other way, he said, using it to “verify” themselves as a valid customer and have the retailer redirect an order to another address.
Corem said it’s not unusual for customer records to show up this long after a breach, as fresh data is initially sold exclusively to specific buyers, then offered for free. “They can’t monetize them further, so they use them to increase their reputation among other threat actors,” he said.
The post Home Depot Customer Records Offered on Dark Web appeared first on Multichannel Merchant.
0 Commentaires