Home Depot: 53 million email addresses stolen
In addition to the previously disclosed payment card data, separate files containing approximately 53 million email addresses were also taken during the breach. These files did not contain passwords, payment card information or other sensitive personal information.
The company is notifying affected customers in the U.S. and Canada. Customers should be on guard against phishing scams, which are designed to trick customers into providing personal information in response to phony emails.
The findings are the result of weeks of investigation by The Home Depot, in cooperation with law enforcement and the company's third-party IT security experts.
In addition to details previously released, the investigation to date has determined the following that criminals used a third-party vendor's user name and password to enter the perimeter of Home Depot's network. These stolen credentials alone did not provide direct access to the company's point-of-sale devices.
The hackers then acquired elevated rights that allowed them to navigate portions of Home Depot's network and to deploy unique, custom-built malware on its self-checkout systems in the U.S. and Canada.
The malware used in the attack had not been seen in any prior attacks and was designed to evade detection by antivirus software, according to Home Depot's security partners. ■