Customer data and images leaked from Home Depot MyInstall complaint service

Home Depot has been storing mountains of customer data on a publicly accessible, unencrypted page, leaving many of them vulnerable to scams and identity theft, according to Consumerist. Worse yet, some of the files found on the page were even discoverable by search engines, making them even easier to find.

It is not uncommon to discover that a large corporate entity or organization is running a website with poor security, or even leaving customer information accessible to hackers. Home Depot’s latest debacle, might not affect a large number of people but it is still pretty egregious and shows there is a myriad of ways large companies can have weak security.

Recommended Videos

As many as 8,000 customers’ details were available in a publicly accessible Excel document, alongside many images of customers themselves and their products. Discovered by a concerned tipster and forwarded to Consumerist, the leak does not contain any financial information but there is still a lot of personal data up for grabs for anyone with an inquisitive mind.

The security flaw seems to stem from Home Depot’s MyInstall program, a service which helps customers communicate with installers. The recorded data is all related to complaints to do with the service, including logged names and addresses, the nature of the complaint and in some cases photos of the problem and the customers’ buying the product in question.

Home Depot’s response to a request for comment saw it remove the data immediately and claim that although it did not see the data as a high risk, it should not have been available as it was.

Although it is arguable that the data in this leak is not of the most sensitive type, it could easily be used as the foundation for a phishing scam. Likewise, social engineering becomes far easier with this sort of information.

As it stands, we do not know why this information was as publicly available as it was, but it is possible that it was the error of an employee at Home Depot, or possibly even someone acting maliciously. It may even be something as simple as Home Depot not investing in a robust software solution for its MyInstall program.

Home Depot says it has no plans to contact affected consumers, lest that invite a phishing scam, it is urging anyone that thinks they may be affected to contact its customer service number.

The concern now is that Home Depot is unlikely to be the only company operating companion services like this with lackluster security. Although far from the fault of consumers, security breaches like this go to show why you need to take your own security very seriously. Making sure you are not using weak passwords is an important first step.

This is not the first time Home Depot has been found with less-than-ideal digital security. It recently paid more than $20 million to settle a leak in 2014, which saw hackers steal the payment and personal information of millions of its customers.

Editors' Recommendations

Jon Martindale is the Evergreen Coordinator for Computing, overseeing a team of writers addressing all the latest how to…
How to enable picture-in-picture for YouTube on your Mac

If you want to have a bit of music playing in the background or want to have your favorite YouTube video running in the corner of your screen, then the picture-in-picture YouTube feature needs to be on your radar. This allows you to turn your YouTube videos into a tiny pop-up window that can be moved and repositioned around your screen.

Mac users have several ways to activate the feature, including support on both Safari and Google Chrome. There's also a nifty Chrome extension that simplifies the task to a single button press. Here's a look at how to enable picture-in-picture for YouTube on your Mac.

Read more
How to change your Gmail password

Changing your Gmail password is incredibly important for your online security. If you're anything like the average user, your Gmail account is linked to dozens of other organizations and programs – and if your account gets hacked, there's no telling what sort of damage can be done.

Because of this, it's crucial to change your Gmail password at regular intervals. Google makes this a rather painless process, and it should take no more than a few seconds from start to finish.

Read more
Best Buy deals: Save on laptops, TVs, appliances, and more

Best Buy is always a great retailer to turn to if you’re looking for some savings. There are almost always Best Buy deals taking place on TVs, appliances, and devices we use to navigate the digital world. In fact, right now at Best Buy you can find some of the best TV deals, best laptop deals, and best phone deals that can be shopped, and we haven’t even mentioned the deals on tablets and home audio equipment currently taking place at Best Buy. We’ve rounded up all of the best Best Buy deals you can shop right now and categorized them for your convenience below, so read onward for some great opportunities to save.
Best Buy TV deals

There may be no better place to purchase one of the best TVs than Best Buy. There is almost always some huge savings to find on TVs at Best Buy, and that’s certainly the case right now. You’ll find deals top TV brands like Sony, Samsung, and LG, and more budget-friendly brands like TCL and Hisense are in play, too.

Read more