Home Depot Notes Windows Is To Blame For Massive Security Breach

The more time that passes, the more details come to light regarding a major security breach at Home Depot that exposed 53 million customer email addresses on top of compromising 56 million credit and debit cards. There's an ongoing investigation into the incident, and one of the latest tidbits is that Home Depot is placing some of the blame on Microsoft.

That doesn't mean Home Depot is absolved of any blame on itself -- the company was slow to address lingering security issues -- though the vulnerability that the hackers exploited was one that existed in Windows. The attackers used a third-party vendor's username and password combination to infiltrate the perimeter of Home Depot's network, and once inside, they gained access to a more secure main computer network by squirming through a security hole in Windows, The Wall Street Journal reports.

HD Payment
Image Source: Flickr (Mike Mozart)

To Microsoft's credit, it issued a patch, which Home Depot installed, but it came after the hackers had already done what they set out to do. Once inside the unpatched system, they were able to move about like an employee with high-level permissions. They then set free a piece of malware on Home Depot's point-of-sale systems, which collected data from 7,500 of the company's self-checkout lanes.

Batches of stolen credit and debit card data quickly began showing up on underground marketplaces. Some of those belonged to Home Depot employees, which is ultimately how the company was made aware of the breach -- suspicious charges showed up on cards belonging to Home Depot executives while they were away on vacation for the Labor Day holiday.

While all this was going on, an IT employee purchased two dozen iPhones and MacBooks for senior executives at Home Depot, hinting that the hardware store's confidence in Microsoft and Windows was at least a little bit shaken.