Lowe’s Details
Industry
Retail
Security Incidents
1
Lowe's Companies, Inc., commonly known as Lowe's, is a home improvement and appliance retail company based in the United States. Founded in 1946 by Lucius Smith Lowe in North Wilkesboro, North Carolina, the company initially operated as a small hardware store. Over the decades, Lowe's has expanded significantly and now operates a chain of retail stores in the United States and Canada. The company's primary purpose is to provide a wide variety of products and services geared toward home improvement, maintenance, and renovation.
Notable for its comprehensive range of products, Lowe's offers eve...
Show more
Security Incidents
Lowe’s Breach of Aug 2024
The phishing site, built using AI to resemble a generic retail store, avoided scrutiny by appearing non-malicious at first glance. When users clicked the ads, they were directed to a page that asked for their Sales Number and Passwor...
Show more
The incident demonstrated significant levels of planning and execution complexit...
Show more
There are no indications that customer data was compromised or that any internal systems were taken offline due to this incident. The potential stolen cred...
Show more
Severity Score
Low to Moderate
Type
Phishing AttackSummary
In mid-August 2024, Lowe's employees were targeted through a sophisticated phishing campaign involving fraudulent Google ads. Employees searching for "MyLowesLife," the company's HR portal, encountered malicious ads leading to phishing websites. These sites used lookalike domain names and presented a convincingly realistic imitation of the MyLowesLife login page.The phishing site, built using AI to resemble a generic retail store, avoided scrutiny by appearing non-malicious at first glance. When users clicked the ads, they were directed to a page that asked for their Sales Number and Passwor...
Show more
Severity
In mid-August, a malvertising campaign targeted Lowe's employees by exploiting Google ads to direct them to phishing pages masquerading as the internal MyLowesLife HR portal. This sophisticated attack aimed to steal login credentials and security information by leading users to nearly identical replicas of the legitimate portal. Although the campaign primarily affected Lowe's staff, the threat actor did not limit their scope and showed the potential to target other institutions, raising broader security concerns.The incident demonstrated significant levels of planning and execution complexit...
Show more
Impact
In mid-August, Lowe’s experienced a sophisticated malvertising campaign specifically targeting its employees through Google ads. The malicious campaign aimed to phish MyLowesLife login credentials by directing employees to very convincing, albeit fraudulent, replicas of the Lowe’s internal HR portal. While it mainly focused on stealing the login details, it did not result in any known significant data exposure beyond employee credentials.There are no indications that customer data was compromised or that any internal systems were taken offline due to this incident. The potential stolen cred...
Show more
KEEP YOUR ENVIRONMENT SECURE
Weak credentials are the leading cause of breaches. Beyond Identity can help.
See MFA exploits in action
Watch how adversaries exploit companies in quick videos