Home Depot: 56 Million Cards, One Vendor Password

In 2014, attackers walked into Home Depot's network with a password stolen from a third-party vendor — and walked out with 56 million payment cards. The tool they used to move around inside was a genuine zero-day, the kind of flaw nation-states pay millions for. The harder part to explain is everything that was already wrong when they arrived: no multi-factor authentication, antivirus seven years out of date, the dedicated firewall switched off, and the card data moving in plain text. This episode walks through how the breach actually worked — and why the warnings that could have stopped it had already been sent, twice.

(0:00) Intro
(1:03) Home Depot and the payment rails
(2:03) The way in: a vendor password
(4:25) What a zero-day actually is
(5:20) 7,500 registers and a watcher in memory
(8:15) Five months of dwell time
(9:55) How the banks found it first
(11:23) Disclosure, response, and the bill
(12:54) What was waiting: the warnings ignored
(16:08) Defenses from the year of the iPhone
(19:34) Chip-and-PIN, a CISO, and the unnamed
(21:06) The distance between a warning and a check

Free one-page technical breakdown PDF: zerodaylogs.com
Sources are listed on the episode page at zerodaylogs.com.
