POST Online Media Lite Edition


Home Depot: 53 million email addresses stolen

Staff writer |
The Home Depot disclosed additional findings related to the recent breach of its payment data systems.

Article continues below

In addition to the previously disclosed payment card data, separate files containing approximately 53 million email addresses were also taken during the breach. These files did not contain passwords, payment card information or other sensitive personal information.

The company is notifying affected customers in the U.S. and Canada. Customers should be on guard against phishing scams, which are designed to trick customers into providing personal information in response to phony emails.

The findings are the result of weeks of investigation by The Home Depot, in cooperation with law enforcement and the company's third-party IT security experts.

In addition to details previously released, the investigation to date has determined the following that criminals used a third-party vendor's user name and password to enter the perimeter of Home Depot's network. These stolen credentials alone did not provide direct access to the company's point-of-sale devices.

The hackers then acquired elevated rights that allowed them to navigate portions of Home Depot's network and to deploy unique, custom-built malware on its self-checkout systems in the U.S. and Canada.

The malware used in the attack had not been seen in any prior attacks and was designed to evade detection by antivirus software, according to Home Depot's security partners.

What to read next

Home Depot to buy Interline Brands for $1.625 billion
Home Depot simplifies application process to employ 80,000
Home Depot hiring more than 80,000 employees