Home Depot Updates Severity Of Security Attack, Says 53 Million Email Addresses Were Stolen
The stolen email addresses were contained in separate files that those responsible for the breach were able to swipe. However, those additional files did not contain passwords, payment card information, or other sensitive personal information, according to Home Depot. The hardware chain is currently notifying affected customers and advising them to be on the lookout for phishing scams.
Image Source: Flickr (Mike Mozart)
"As previously disclosed, the malware used in the attack had not been seen in any prior attacks and was designed to evade detection by antivirus software, according to Home Depot’s security partners," Home Depot said. "As the company announced on September 18, the hackers’ method of entry has been closed off and the malware has been eliminated from the company’s systems."
Those responsible for the attack used a third-party vendor's username and password combination to infiltrate the perimeter of Home Depot's network. They then acquired elevated rights, giving them easier access to certain areas of Home Depot's extended network in order to deploy the custom-built malware on the company's self-checkout systems.