💨 Abstract
A security researcher discovered that Home Depot had exposed access to its internal systems for a year after an employee accidentally published a private access token online. The token granted access to hundreds of private source code repositories and critical systems, including cloud infrastructure and order management. The researcher attempted to notify Home Depot but was ignored until TechCrunch intervened, leading to the exposure being fixed. Home Depot lacks a formal vulnerability disclosure program, complicating responsible disclosure efforts.
Courtesy: Zack Whittaker