Home Depot: 56 Million Cards, One Vendor Password
In 2014, attackers walked into Home Depot's network with a password stolen from a third-party vendor — and walked out with 56 million payment cards. The tool they used to move around inside was a genuine zero-day, the kind of flaw nation-states pay millions for. The harder part to explain is everything that was already wrong when they arrived: no multi-factor authentication, antivirus seven years out of date, the dedicated firewall switched off, and the card data moving in plain text. This episode walks through how the breach actually worked — and why the warnings that could have stopped it had already been sent, twice.
(0:00) Intro
(1:03) Home Depot and the payment rails
(2:03) The way in: a vendor password
(4:25) What a zero-day actually is
(5:20) 7,500 registers and a watcher in memory
(8:15) Five months of dwell time
(9:55) How the banks found it first
(11:23) Disclosure, response, and the bill
(12:54) What was waiting: the warnings ignored
(16:08) Defenses from the year of the iPhone
(19:34) Chip-and-PIN, a CISO, and the unnamed
(21:06) The distance between a warning and a check
Free one-page technical breakdown PDF: zerodaylogs.com
Sources are listed on the episode page at zerodaylogs.com.