www.itpro.com
151.101.66.114  Public Scan

Submitted URL: https://r.smartbrief.com/resp/rSdoCTeVdBDzvAtvCigydnBWcNxMVQ?format=multipart
Effective URL: https://www.itpro.com/security/misconfigured-saas-applications-led-to-the-home-depot-data-breach-and-experts-say-its-n...
Submission: On April 14 via api from BE — Scanned from DE

Form analysis 2 forms found in the DOM

GET https://www.itpro.com/search

<form class="search-box" action="https://www.itpro.com/search" method="GET" data-analytics-id="search-submit" data-before-rewrite-localise="/search" data-component-tracked="19">
  <label for="search-input" class="sr-only">Search IT Pro</label>
  <input tabindex="0" type="search" name="searchTerm" placeholder="Search IT Pro" class="search-input" id="search-input">
  <button type="submit" class="search-submit" aria-label="Search">
    <span class="search-icon">
      <svg class="icon-svg" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 1000 1000">
        <path d="M720 124a422 422 0 1 0-73 654l221 222 132-131-222-222a422 422 0 0 0-58-523zm-92 504a291 291 0 1 1-412-412 291 291 0 0 1 412 411z"></path>
      </svg> </span>
  </button>
</form>

POST https://newsletter-subscribe.futureplc.com/v2/submission/submit

<form data-hydrate="true" class="newsletter-form__form newsletter-form__form--inbodyContent" method="POST" action="https://newsletter-subscribe.futureplc.com/v2/submission/submit"><input data-hydrate="true" type="hidden"
    class="form__hidden-input form_input form__hidden-input form__hidden-input--inbodyContent" name="NAME"><input data-hydrate="true" type="email" class="form__email-input form_input form__email-input form__email-input--inbodyContent" name="MAIL"
    required="" placeholder="Your Email Address"><input data-hydrate="true" type="hidden" class="form__hidden-input form_input form__hidden-input form__hidden-input--inbodyContent" name="NEWSLETTER_CODE" value="ITP_STD"><input data-hydrate="true"
    type="hidden" class="form__hidden-input form_input form__hidden-input form__hidden-input--inbodyContent" name="LANG" value="EN"><input data-hydrate="true" type="hidden"
    class="form__hidden-input form_input form__hidden-input form__hidden-input--inbodyContent" name="SOURCE" value="60"><input data-hydrate="true" type="hidden"
    class="form__hidden-input form_input form__hidden-input form__hidden-input--inbodyContent" name="COUNTRY"><label class="form__checkbox-label"><input data-hydrate="true" type="checkbox"
      class="form__checkbox-input form_input form__checkbox-input form__checkbox-input--inbodyContent" name="CONTACT_OTHER_BRANDS">Contact me with news and offers from other Future brands</label><label class="form__checkbox-label"><input
      data-hydrate="true" type="checkbox" class="form__checkbox-input form_input form__checkbox-input form__checkbox-input--inbodyContent" name="CONTACT_PARTNERS">Receive email from us on behalf of our trusted partners or sponsors</label><input
    data-hydrate="true" type="submit" class="form__submit-input form_input form__submit-input form__submit-input--inbodyContent" required="" value="Sign me up"></form>

Text Content


MISCONFIGURED SAAS APPLICATIONS LED TO THE HOME DEPOT DATA BREACH, AND EXPERTS
SAY IT’S NO SURPRISE

News
By Solomon Klappholz
published April 9, 2024

The recent Home Depot data breach that exposed information relating to over
10,000 employees should be a warning that enterprises need to get their SaaS
deployments under control



A senior security leader has said he is not surprised that the recent Home Depot
data breach was caused by a misconfigured SaaS application, warning that the
issue is rife across enterprises of all sizes.



The data breach saw information belonging to over 10,000 Home Depot employees
uploaded to a popular hacking forum by a well-known threat actor named
IntelBroker.



Exposed information included employee names, work email addresses, and user IDs.
Although this information alone is not highly sensitive, it could be used by
threat actors to conduct further social engineering attacks on Home Depot staff,
experts have warned.

Home Depot confirmed the attack on 7 April, stating the breach was the result of
a third-party software vendor inadvertently exposing a small data sample
pertaining to Home Depot staff.


Tim Bach, senior VP of security engineering at AppOmni, said while the rapid
identification of the incident as the result of a SaaS misconfiguration was
impressive, the fact this was the source of the breach was far from surprising.



“What is most noteworthy is the immediate identification of SaaS
misconfiguration as the cause. It is really not noteworthy to see another
sensitive data leak from a SaaS application, and unfortunately it is not
noteworthy even to see it at this scale, as large enterprises have heavily
adopted SaaS throughout their critical infrastructure.” 

Bach said it’s important firms correctly identify the root cause of leaks like
this one to ensure others learn from these incidents and improve their posture
accordingly.



“Inadvertent SaaS misconfigurations that can, potentially, result in such leaks
are commonplace, but usually when a leak occurs it is attributed simply to an
‘internal system’, making it unclear whether it was a SaaS system, or in-house
system, etc,” he said. 

“Such attribution to a SaaS misconfiguration is key as it will help security
teams continue to be mindful of the importance of dedicated attention to
securing and continuously monitoring their SaaS applications.”


FIRMS NEED TO BUCK UP THEIR SAAS SECURITY PRACTICES

The Home Depot breach underscores how SaaS-based attacks are a growing problem,
according to Bach. Citing an investigation carried out in 2023 by threat
researcher Aaron Costello and security reporter Brian Krebs, he noted that many
of these attacks go unnoticed. 

“This highlights how commonly attackers exploit SaaS application
vulnerabilities. Nearly a year ago, based on intelligence from AppOmni Labs
researcher Aaron Costello, cyber security journalist Brian Krebs published an
article about how many SaaS applications are leaking data,” Bach recalled.

“Unmanaged SaaS applications, poor configuration hygiene, and their associated
breaches continue to plague enterprises. If they are associated with large,
well-known enterprises they are written about and discussed, but many of these
types of breaches likely go undetected.”


Bach said SaaS applications are ingrained into the operating models of virtually
every business and underpin vital processes every day. As such, enterprises need
to take a number of security precautions to ensure their SaaS deployments aren’t
compromised.

“SaaS applications are now the operating system and system of record for
business, since they handle sensitive, business-critical data. SaaS is a
critical part of cloud infrastructure and applications that businesses need to
pay attention to and implement controls around to prevent data breaches. At a
basic level, it’s important to get visibility into SaaS risks and preventable
data exposures”, he noted.

“Beyond this, enterprises should watch out for SaaS identities, user behaviors,
and connected applications that can introduce additional risks.”

Solomon Klappholz
Staff Writer

Solomon Klappholz is a Staff Writer at ITPro. He has experience writing about
the technologies that facilitate industrial manufacturing which led to him
developing a particular interest in IT regulation, industrial infrastructure
applications, and machine learning.


IT Pro is part of Future US Inc, an international media group and leading
digital publisher. Visit our corporate site.


© Future US, Inc. Full 7th Floor, 130 West 42nd Street, New York, NY 10036.