Home Depot breach: hackers took 53 million email addresses

September’s breach of Home Depot that saw 56 million sets of credit and debit card data stolen was not the only thing lost in the leak, the company has revealed.

The BBC reports that the breach occurred between April and September, and was the result of hackers accessing its network with “a vendor’s username and password.”

“The hackers then acquired elevated rights that allowed them to navigate portions of Home Depot’s network and to deploy unique, custom-built malware on its self-checkout systems in the U.S. and Canada,” the company explained in a press release [PDF].

However CNET notes that Home Depot’s investigation with law enforcement officials and independent security analysts found that the files accesses did not contain any “passwords, payment card information or other sensitive information,” meaning that hackers could not link the details together to cause further issues.

The chain said that it would be contacting the owners of the email addresses affected even though there is ‘no legal requirement to do so’. The company hopes that by doing so, it would help customers avoid phishing scams using the customers’ email addresses. As previously reported, the chain is also offering ‘free identity protection services’ to any customer who used a payment card in a Home Depot store this year.

Home Depot suffered an attack that resulted in the leaking of 56 million credit and debit card accounts back in September, as reported by We Live Security here. A number of other high profile chains followed, including Dairy Queen and Kmart, with rumors that Staples had also been hit emerging last month too.

Readers with concerns about Point of Sale malware may find ESET researcher Lysa Myers’ guides for keeping yourself and your business safe from attacks useful further reading.

Author , ESET

Follow us

Copyright © 2018 ESET, All Rights Reserved.