Breach, Data Security

Firm explores attack methods allowing possible Home Depot breach

Hackers could have exploited a vulnerability in Home Depot's payment interface to steal customer payment information, a Bitdefender reseracher said, though it's more likely they broke into the company's storage facilities to steal credentials linked with a potential breach.

Since Home Depot's payment interface, https://secure2.homedepot.com, is SSL-secured, there is a "higher probability" attackers gained access through the latter attack method, researcher Marius Doroftei said in a Wednesday blog post.

A large number of payment cards, suspected as being tied to Home Depot, surfaced on an underground marketplace,  prior to the company launching an investigation. Initial reports speculate that all of the company's 2,200 stores could be impacted, and the unauthorized access might date back to late April or early May.

While Home Depot investigates, it reassured customers that they wouldn't be responsible for fraudulent charges if a breach did occur.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.