Home Depot sends hundreds of emails to wrong customers

News
By published

Tons of other people's order notifications flood inboxes

A Home Depot store in Etobicoke, Ontario, outside Toronto.
(Image credit: Niloo/Shutterstock)

Eh sorry! Home Depot Canada is red-faced after sending out hundreds of order-pickup notifications to the wrong people.

"Hey um... I'm pretty sure I received a reminder email for literally every online order that is currently ready for pick up at literally every Home Depot store in Canada," tweeted Spencer Monckton, a graduate student in Toronto, yesterday (Oct. 28). "There are 660+ emails. Something has gone wrong." (This story was first reported by Bleeping Computer.)

"This is a VERY serious data breach that has affected at least 900 consumers, not just in-store pick-up," tweeted Bethany Frances of the London, Ontario area. "My ONLINE ORDER was sent to 300 people, and I received the ONLINE ORDERS of 43 others. Names, home addresses, order info and credit card info was all shared :("

That's all accurate, except for the bit about the credit-card information -- only the last four digits of card numbers were included in the emails, according to Bleeping Computer. Many of the emails contained the address of the Home Depot store where the order was to be picked up, but some had the customer's home address as well.

Affected Home Depot Canada customers are not facing much extra risk as a result of these emails. Crooks can't do much with only four credit-card digits. It's possible, but unlikely, that some of the recipients of this email flood might forward them to spammers who could harvest the email addresses.

Still, this is pretty embarrassing for Home Depot, and its Canadian division quickly created a boilerplate explanation, if not quite an apology, for everyone who tweeted at it complaining of the email messages.

"Thank you for reaching out to us. We are aware of what occurred this morning and can confirm that this issue has now been fixed," multiple identical Home Depot Canada tweet replies said. "This issue impacted a very small number of our customers who had in-store pick-up orders. Please DM us with any additional questions."

See more Computing News
TOPICS
Paul Wagenseil
Paul Wagenseil

Paul Wagenseil is a senior editor at Tom's Guide focused on security and privacy. He has also been a dishwasher, fry cook, long-haul driver, code monkey and video editor. He's been rooting around in the information-security space for more than 15 years at FoxNews.com, SecurityNewsDaily, TechNewsDaily and Tom's Guide, has presented talks at the ShmooCon, DerbyCon and BSides Las Vegas hacker conferences, shown up in random TV news spots and even moderated a panel discussion at the CEDIA home-technology conference. You can follow his rants on Twitter at @snd_wagenseil.

Latest in Email
Image of Gmail's logo on a laptop
Need a hand? Gmail’s ‘Help me write’ comes to web users — everything you need to know
The Microsoft Outlook app open on a phone
Microsoft Outlook went down — what to do if it's not working for you
Image of Gmail logo on a laptop
Google is deleting inactive Gmail accounts — here's how to save yours
Yahoo Mail icon on a phone home screen
Yahoo Mail is the latest service to get in on the AI craze
An image of the Gmail app, representing an article on how to create a new gmail account
Gmail's Quick Reply feature lets you react to emails like they were text messages
An image of the Gmail app, representing an article on how to create a new gmail account
One inbox to rule them all — how to transfer emails between Gmail accounts
Latest in News
A first look at Amazon's Fallout TV series coming to Prime Video
‘Fallout’ season 3 plans are reportedly being made — while season 2 is still filming
Surface Laptop 7 from the front
Amazon just gave Surface Laptop 7 a 'frequently returned' label — here's what's going on
New emojis with iOS 18.4 beta release.
iOS 18.4 beta brings 8 new emoji to your iPhone — here's all the new options
23andME box
23andMe has declared bankruptcy — here's how to delete your data now
half-life alyx
Latest Half-Life 3 rumors point to a 2025 release — and maybe pigs will fly
NFL Sunday Ticket logo for YouTube
NFL Sunday Ticket 2025 pricing revealed — and it's bad news
More about email
Image of Gmail's logo on a laptop

Need a hand? Gmail’s ‘Help me write’ comes to web users — everything you need to know
The Microsoft Outlook app open on a phone

Microsoft Outlook went down — what to do if it's not working for you
Photo of patio furniture

Hurry! Save up to 50% off patio furniture and accessories
See more latest
1 Comment Comment from the forums
  • mejustsayin
    home depot has a history of messing up their emails. I remember a couple of years ago, I made a payment of 100 bucks then almost immediately gotten several emails about payments being processed for 10,000 bucks. Fortunately it was just a bug because I would still be sitting in jail if those payments tried to process through my bank. when I called them they said I was not the only one.
    Reply
Most Popular
A first look at Amazon's Fallout TV series coming to Prime Video
‘Fallout’ season 3 plans are reportedly being made — while season 2 is still filming
New emojis with iOS 18.4 beta release.
iOS 18.4 beta brings 8 new emoji to your iPhone — here's all the new options
Surface Laptop 7 from the front
Amazon just gave Surface Laptop 7 a 'frequently returned' label — here's what's going on
23andME box
23andMe has declared bankruptcy — here's how to delete your data now
half-life alyx
Latest Half-Life 3 rumors point to a 2025 release — and maybe pigs will fly
NFL Sunday Ticket logo for YouTube
NFL Sunday Ticket 2025 pricing revealed — and it's bad news
Russian flag with padlock smashing through glass
47 VPNs could be axed from Google Play Store following Russian demands
Ben Mendelsohn in Andor season 2
'Welcome to the Rebellion' — new ‘Andor’ season 2 trailer teases a darker edge
ChatGPT on iPhone
ChatGPT was down — updates on quick outage
Emma D'Arcy in House of the Dragon season 2
‘House of the Dragon’ season 3 has officially begun filming — what it could mean for the potential release window