Home Depot, a major retailer, recently faced a significant security incident in which access to its internal systems was exposed for an entire year because of a leaked access token, according to a TechCrunch report. The exposure, discovered by security researcher Ben Zimmermann, stemmed from a GitHub access token belonging to a Home Depot employee that had been published by mistake. The token granted unauthorized access to numerous private Home Depot source code repositories on GitHub, potentially allowing their contents to be modified.
Zimmermann attempted to alert Home Depot about the security lapse, but his warnings went unanswered for weeks. It wasn’t until TechCrunch intervened that the issue was promptly addressed by the company.
The leaked token not only jeopardized the security of Home Depot’s source code but also provided access to critical cloud infrastructure, including order fulfillment, inventory management systems, and code development pipelines. Despite Zimmermann’s efforts to reach Home Depot through multiple channels, including emails and a message to the chief information security officer, the company remained unresponsive, the only organization he contacted that disregarded his warnings.
As a result of this incident and the lack of a formal vulnerability reporting mechanism at Home Depot, Zimmermann resorted to seeking external assistance to mitigate the exposure.
Source: TechCrunch