
Home Depot exposed access to internal systems for a year, TechCrunch reports.
According to security researcher Ben Zimmermann, a Home Depot employee published a private GitHub access token sometime in early 2024, likely by mistake.
Zimmermann told TechCrunch that when he tested the token, it granted access to private Home Depot repos on GitHub, with write permissions, as well as access to the company’s cloud infrastructure, including order fulfillment and inventory management systems.
