Skip to main content

Customer data and images leaked from Home Depot MyInstall complaint service

Home Depot has been storing mountains of customer data on a publicly accessible, unencrypted page, leaving many of them vulnerable to scams and identity theft, according to Consumerist. Worse yet, some of the files found on the page were even discoverable by search engines, making them even easier to find.

It is not uncommon to discover that a large corporate entity or organization is running a website with poor security, or even leaving customer information accessible to hackers. Home Depot’s latest debacle, might not affect a large number of people but it is still pretty egregious and shows there is a myriad of ways large companies can have weak security.

As many as 8,000 customers’ details were available in a publicly accessible Excel document, alongside many images of customers themselves and their products. Discovered by a concerned tipster and forwarded to Consumerist, the leak does not contain any financial information but there is still a lot of personal data up for grabs for anyone with an inquisitive mind.

The security flaw seems to stem from Home Depot’s MyInstall program, a service which helps customers communicate with installers. The recorded data is all related to complaints to do with the service, including logged names and addresses, the nature of the complaint and in some cases photos of the problem and the customers’ buying the product in question.

Home Depot’s response to a request for comment saw it remove the data immediately and claim that although it did not see the data as a high risk, it should not have been available as it was.

Although it is arguable that the data in this leak is not of the most sensitive type, it could easily be used as the foundation for a phishing scam. Likewise, social engineering becomes far easier with this sort of information.

As it stands, we do not know why this information was as publicly available as it was, but it is possible that it was the error of an employee at Home Depot, or possibly even someone acting maliciously. It may even be something as simple as Home Depot not investing in a robust software solution for its MyInstall program.

Home Depot says it has no plans to contact affected consumers, lest that invite a phishing scam, it is urging anyone that thinks they may be affected to contact its customer service number.

The concern now is that Home Depot is unlikely to be the only company operating companion services like this with lackluster security. Although far from the fault of consumers, security breaches like this go to show why you need to take your own security very seriously. Making sure you are not using weak passwords is an important first step.

This is not the first time Home Depot has been found with less-than-ideal digital security. It recently paid more than $20 million to settle a leak in 2014, which saw hackers steal the payment and personal information of millions of its customers.

Editors' Recommendations

Jon Martindale
Jon Martindale is the Evergreen Coordinator for Computing, overseeing a team of writers addressing all the latest how to…
How to change your language in Google Chrome on desktop
Chrome OS

Google Chrome supports a wide range of languages. While it'll default to English in most cases, there's nothing stopping you from changing its settings and displaying pages in Spanish, French, or dozens of other languages.

Changing your default language in Chrome takes only a few seconds, and the technique used is the same across Windows and Mac. Aside from changing your language, note that Chrome now gives you the option to automatically translate pages written in another language – making it easy to read content from around the globe.

Read more
23 of the best Netflix hacks, tips, and tricks
The Netflix home screen.

Netflix is one of the most popular streaming platforms for all things movies and TV shows. Home to an immense library of titles, the Netflix archive is constantly changing and evolving, and so are the many ways you can use your Netflix account. 

For instance, did you know you can access region-locked Netflix shows and flicks by using a VPN? Or that you can disable that pesky Autoplay feature? There are tons of Netflix hacks, tips, and tricks out there, so we’ve gone ahead and rounded up all of our favorites! 
Expand your streaming with a VPN

Read more
How to make a GIF from a YouTube video
woman sitting and using laptop

Sometimes, whether you're chatting with friends or posting on social media, words just aren't enough -- you need a GIF to fully convey your feelings. If there's a moment from a YouTube video that you want to snip into a GIF, the good news is that you don't need complex software to so it. There are now a bunch of ways to make a GIF from a YouTube video right in your browser.

If you want to use desktop software like Photoshop to make a GIF, then you'll need to download the YouTube video first before you can start making a GIF. However, if you don't want to go through that bother then there are several ways you can make a GIF right in your browser, without the need to download anything. That's ideal if you're working with a low-specced laptop or on a phone, as all the processing to make the GIF is done in the cloud rather than on your machine. With these options you can make quick and fun GIFs from YouTube videos in just a few minutes.
Use GIFs.com for great customization
Step 1: Find the YouTube video that you want to turn into a GIF (perhaps a NASA archive?) and copy its URL.

Read more