**Home Depot Ignored Security Researcher’s Warning About Exposed Credential**
Security researcher Vinny Troia (operating under the alias "Zimmerman") disclosed that Home Depot failed to respond to multiple alerts about a publicly exposed credential, despite his history of reporting similar vulnerabilities to other companies. Troia, who has previously notified organizations about security risks, stated that Home Depot was the only company to ignore his warnings.
The exposed credential was removed from public view only after TechCrunch reached out to Home Depot last week. The incident highlights potential gaps in the company’s vulnerability disclosure process, though no details were provided on whether the credential was misused or the extent of its exposure. The case underscores the risks of unaddressed security alerts in enterprise environments.
The Home Depot cybersecurity rating report: https://www.rankiteo.com/company/the-home-depot
"id": "THE1765591280",
"linkid": "the-home-depot",
"type": "Breach",
"date": "12/2025",
"severity": "25",
"impact": "1",
"explanation": "Attack without any consequences"{'affected_entities': [{'industry': 'Home Improvement',
'name': 'Home Depot',
'type': 'Retail'}],
'attack_vector': 'Publicly Exposed Credential',
'data_breach': {'type_of_data_compromised': 'Credential'},
'description': 'A leaked credential belonging to Home Depot was publicly '
'exposed and later removed after TechCrunch contacted the '
'company. The researcher, Zimmerman, disclosed similar '
'exposures to other companies but received no response from '
'Home Depot.',
'impact': {'data_compromised': 'Credential'},
'references': [{'source': 'TechCrunch'}],
'response': {'containment_measures': 'Credential removed from public view'},
'title': 'Home Depot Credential Leak',
'type': 'Data Exposure'}