Home Depot sends hundreds of emails to wrong customers
Tons of other people's order notifications flood inboxes
Eh sorry! Home Depot Canada is red-faced after sending out hundreds of order-pickup notifications to the wrong people.
"Hey um... I'm pretty sure I received a reminder email for literally every online order that is currently ready for pick up at literally every Home Depot store in Canada," tweeted Spencer Monckton, a graduate student in Toronto, yesterday (Oct. 28). "There are 660+ emails. Something has gone wrong." (This story was first reported by Bleeping Computer.)
@HomeDepotCanada Hey um... I'm pretty sure I received a reminder email for literally every online order that is currently ready for pick up at literally every Home Depot store in Canada. There are 660+ emails. Something has gone wrong. pic.twitter.com/mBcO40Ge3o (October 28, 2020)
"This is a VERY serious data breach that has affected at least 900 consumers, not just in-store pick-up," tweeted Bethany Frances of the London, Ontario area. "My ONLINE ORDER was sent to 300 people, and I received the ONLINE ORDERS of 43 others. Names, home addresses, order info and credit card info was all shared :("
That's all accurate, except for the bit about the credit-card information -- only the last four digits of card numbers were included in the emails, according to Bleeping Computer. Many of the emails contained the address of the Home Depot store where the order was to be picked up, but some had the customer's home address as well.
Affected Home Depot Canada customers are not facing much extra risk as a result of these emails. Crooks can't do much with only four credit-card digits. It's possible, but unlikely, that some of the recipients of this email flood might forward them to spammers who could harvest the email addresses.
Still, this is pretty embarrassing for Home Depot, and its Canadian division quickly created a boilerplate explanation, if not quite an apology, for everyone who tweeted at it complaining of the email messages.
"Thank you for reaching out to us. We are aware of what occurred this morning and can confirm that this issue has now been fixed," multiple identical Home Depot Canada tweet replies said. "This issue impacted a very small number of our customers who had in-store pick-up orders. Please DM us with any additional questions."
Paul Wagenseil is a senior editor at Tom's Guide focused on security and privacy. He has also been a dishwasher, fry cook, long-haul driver, code monkey and video editor. He's been rooting around in the information-security space for more than 15 years at FoxNews.com, SecurityNewsDaily, TechNewsDaily and Tom's Guide, has presented talks at the ShmooCon, DerbyCon and BSides Las Vegas hacker conferences, shown up in random TV news spots and even moderated a panel discussion at the CEDIA home-technology conference. You can follow his rants on Twitter at @snd_wagenseil.
mejustsayin: Home Depot has a history of messing up their emails. I remember a couple of years ago, I made a payment of 100 bucks then almost immediately got several emails about payments being processed for 10,000 bucks. Fortunately it was just a bug because I would still be sitting in jail if those payments tried to process through my bank. When I called them they said I was not the only one.