Home Depot Updates Severity Of Security Attack, Says 53 Million Email Addresses Were Stolen

Home Depot disclosed this week that around 53 million email addresses were taken during a recent security breach, which is in addition to the approximately 56 million compromised customer credit and debit cards previously disclosed by the hardware chain. The updated findings are the result of weeks of investigation by Home Deport, law enforcement, and third-party IT security experts, the company said.

The stolen email addresses were contained in separate files that those responsible for the breach were able to swipe. However, those additional files did not contain passwords, payment card information, or other sensitive personal information, according to Home Depot. The hardware chain is currently notifying affected customers and advising them to be on the lookout for phishing scams.

Home Depot
Image Source: Flickr (Mike Mozart)

"As previously disclosed, the malware used in the attack had not been seen in any prior attacks and was designed to evade detection by antivirus software, according to Home Depot’s security partners," Home Depot said. "As the company announced on September 18, the hackers’ method of entry has been closed off and the malware has been eliminated from the company’s systems."

Those responsible for the attack used a third-party vendor's username and password combination to infiltrate the perimeter of Home Depot's network. They then acquired elevated rights, giving them easier access to certain areas of Home Depot's extended network in order to deploy the custom-built malware on the company's self-checkout systems.