Home Depot exposed internal systems for a year after employee published access token online
By kernelrocks
5mo ago · 2 min read · en · News
Summary
A security researcher discovered that Home Depot exposed access to its internal systems for approximately a year after an employee accidentally published a private GitHub access token online. The researcher attempted to privately alert Home Depot to the security lapse but was ignored for several weeks. The exposure was only fixed after TechCrunch contacted company representatives about the issue.
Key quotes
A security researcher said Home Depot exposed access to its internal systems for a year after one of its employees published a private access token online, likely by mistake.
The researcher found the exposed token and tried to privately alert Home Depot to its security lapse but was ignored for several weeks.
The exposure is now fixed after TechCrunch contacted company representatives last week.
Security researcher Ben Zimmermann told TechCrunch that, in early November, he found a published GitHub access token belonging to a Home Depot employee, which was exposed sometime in early 20
A security researcher tried to alert Home Depot to the security lapse exposing its back-end GitHub source code repos and other internal cloud systems, but was ignored.

