American retailer Home Depot began an internal investigation after a report that customer data and card credentials were stolen from its systems and sold on black markets, according to security researcher Brian Krebs.
â€œI can confirm we are looking into some unusual activity and we are working with our banking partners and law enforcement to investigate,â€ Paula Drake, the companyâ€™s spokesperson said.
Multiple banks have indicated Home Depot may be the source of two new batches of stolen credit cards that went on sale on the underground marketplace rescator[dot]cc, on September 2nd.
â€œHome Depot offers clients two payments options, one via PayPal and another through its own system,â€ Bitdefender Online Threats Researcher Marius Doroftei said. â€One technique hackers could have used to grab the data is through a vulnerability in https://secure2.homedepot.com, Home Depot’s own payment interface, however, since the site is SSL-secured, there is a higher probability they found a way to access the companyâ€™s storage facilities and steal the banking credentials.â€
Amid US and European sanctions against Russia for its actions in Ukraine, the hypothesis of a politically motivated attack has not been excluded either. The retailed batches of stolen cards were labeled â€œAmerican Sanctionsâ€ and â€œEuropean Sanctionsâ€. It appears the cards were issued by European banks and used in compromised US store locations.
Home Depot is also a preferred target of spammers who are overwhelming clientsâ€™ Inboxes with fake promotional newsletters and pharmaceutical offers, Bitdefender warns. The latest spam campaign hides fraudulent links under the â€œamazing new opportunityâ€ of a new window installation, offered to select subscribers looking to improve their homes.
The suspected breach may have occurred in late April or early May and could involve all 2,200 of the companyâ€™s stores in the U.S., Krebs said.
â€œProtecting our customersâ€™ information is something we take extremely seriously, and we are aggressively gathering facts at this point while working to protect customers. If we confirm that a breach has occurred, we will make sure customers are notified immediately,â€ Home Depot added.
This is the latest in a series of recent security incidents, after major financial institutions including JPMorgan Chase and allegedly four others, were hit by cyber-attacks.