A security researcher discovered that Home Depot unintentionally exposed access to its internal systems for a year due to a published access token. After attempts to notify the company went ignored, TechCrunch intervened, leading to the token's revocation. Home Depot lacks a formal process for reporting such security issues.