This is all sounding horribly familiar. Brian Krebs, a prominent cybersecurity blogger, reported on Tuesday that Home Depot had likely been hacked based on a “massive” batch of stolen credit and debit card data appearing for sale online. Krebs, if you remember, also broke the news that Target had suffered a breach last December.
The data in question are being sold on the same site, rescator.cc, that hawked Target’s stolen data, Krebs said, indicating that it may be the same group behind both breaches. The names of the batches currently for sale—“American Sanctions” and “European Sanctions”—spurred Krebs to speculate that this hack is intended as retribution for penalties imposed on Russia in reaction to its actions in Ukraine. The intrusion into Home Depot may date as far back as late April, suggesting the breach could be larger than Target’s.