Canadian Home Depot customers on Tuesday have shared their confusion over Twitter, where everyone claimed receiving order remainder emails of other customers. The emails were sent in bulk, in some hundreds actually, containing order details including the last four digits of the payment card. The Home Depot communications director said that it was a system error.
Home Depot Exposed Customers Orders
Home Depot is the largest retail chain for home improvements in the US and has branches in various countries. The Canadian Home Depot on Tuesday had a system error, which led to sending order pickup emails of one customer to others. This has become serious when the number of customers receiving these emails starting complaining on Twitter.
Expressing their confusion, customers shared screenshots of their flooded email boxes, saying that itโs more like spam. The emails are for reminding the customers to pick up their orders at the store or curbside and contains the full name of custom, order items, and billing details (has the last four digits of the payment card).
@HomeDepotCanada Hey umโฆ I'm pretty sure I received a reminder email for literally every online order that is currently ready for pick up at literally every Home Depot store in Canada. There are 660+ emails. Something has gone wrong. pic.twitter.com/mBcO40Ge3o
— Spencer K. Monckton (@skmonckton) October 28, 2020
Exchanging information of such is a blunder, and has happened among hundreds of customers. At one point, one customer claimed that he had received over 600 emails for picking the readied order. While these can be turned down at once, any ill-intent customer can take advantage of this opportunity if desired.
He/she can walk through the store, show up the order ID or QR code (has received emails), and take someoneโs order! This can happen since Home Depot doesnโt always verify the customer before handing over the order. These emails will be generated if the customer fails to pick up the order at a specified time.
Whatโs worse is replying to all those emails! Since the emails sent were having hundreds of CC email addresses in them, any reply-all response will continue the thread, pushing new emails to all those users again. Some confused customers started replying to those emails, causing yet another unwanted flood.
While Home Depot has responded to some users on Twitter, an official statement to BleepingComputer by Paul Berto, Director of Home Depot Canadaโs Corporate Communications read
โTuesday evening, we discovered a systems error on select Homedepot.ca orders impacting a small number of our Canadian customers. Some customers may have received multiple emails for orders they did not place.โ
Further, โThis issue has been fixed. None of the emails contained passwords or un-hashed payment card information. We apologize for the concern this has caused our customers, and we thank them for their patience and support as we quickly worked through this issue.โ