Home Depot GitHub token exposed for a year, granted access to internal systems
a day ago
- A security researcher found a Home Depot employee's GitHub access token exposed online, granting access to private repositories and internal systems.
- The token allowed access to cloud infrastructure, order fulfillment, inventory management, and development pipelines.
- Researcher Ben Zimmermann attempted to alert Home Depot multiple times but received no response.
- Home Depot fixed the exposure after TechCrunch contacted the company, but it is unclear whether any unauthorized access occurred.
- Home Depot has no formal system for reporting security flaws, which prompted the researcher to involve the media.