Posted by Kyle 9:18 AM (CDT)
Friday April 28, 2017
If you recall, back in 2014 Home Depot "allowed" 56 million of it customers' credit card information to be stolen. Apparently now you don't even have to "hack" into Home Depot to get some of its customers' information, Home Depot will just put it online for everyone to see. Just because you know how to use a hammer apparently does not qualify you to run an online business. Whodathunkit?
The internet address that hosted these spreadsheets آ— along with one random document containing a scanned printout of a customer’s name, address, and signature آ— was part of the HomeDepot.com domain; and all the files there were unencrypted, unprotected, discoverable by search engines (several of the email addresses listed, when typed into a Google search, surfaced the documents), and completely accessible to the open internet.