allheart55 (Cindy E)
Administrator
Hackers installed custom malicious software on the retailer's self-checkout machines. Home Depot
Along with the 56 million or so credit card numbers stolen from Home Depot earlier this year, investigators said on Thursday that more than 53 million email addresses were taken, too.
A joint investigation of law enforcement officials, Home Depot representatives and independent security analysts found that no "passwords, payment card information or other sensitive personal information" was held in the stolen files which contained the customer email addresses.
The investigation report detailed how the hack occurred. Similar to the Target breach last year, the attackers used the stolen log-in credentials of a third-party Home Depot vendor to access the company's internal network and install custom malicious software on self-checkout machines.
The malicious software, active on Home Depot's network between April and September of this year, has been removed. Home Depot said in the wake of the breach, it added more encryption to its credit card payment systems.
The company has notified the American and Canadian owners of the affected email addresses, although there was no legal requirement to do so. Home Depot said it issued the warning in hopes of preventing its customers from falling victim to phishing attacks, a common use of stolen email addresses.
Home Depot said it doesn't expect further updates on the breach. A request for comment was not immediately returned.
The breach is one in a long string of high-profile hacks against major US retail and restaurant chains. Last year, hackers behind the Target attack stole around 40 million credit card numbers and the personal information of another 70 million people. Arts and crafts retail chain Michaels Stores, department store Neiman Marcus and the P.F. Chang's restaurant chain all announced this year they had been hacked, too, with credit card information the goal of the attacks.
