After confirming a few weeks ago that credit card details for more than 56 million customers were stolen by hackers who managed to breach Home Depot’s security system in a sophisticated Target-like manner, the retail store on Thursday also confirmed that as many as 53 million email addresses were also stolen by attackers, The New York Times reports.
Thus, in addition to being able to replicate credit cards using the stolen card info in order to steal money or place fraudulent orders, hackers might also use the massive email database to target unsuspecting users with various secondary phishing attacks. Specifically, hackers could send email messages containing links and/or attachments to fraudulent websites masquerading like real sites but meant to steal login user credentials for various services, including online banking services.
Home Depot also revealed that hackers penetrated its network by first gaining access to the user name and password of one of its vendors, which is yet to be named. Once that was done, hackers were able to target various parts of Home Depot’s network and steal information.
A similar attack occurred at Target last year, with hackers stealing more than 40 million credit cards and personal data for more than 70 million customers after using Target’s heating and cooling company to access the retailer’s systems.
Since the Target breach, Home Depot apparently started taking security more seriously, after reportedly using outdated software in the past, including adding encryption to payment data. But the attack was apparently too complex for the antivirus to detect.
In the future, Home Depot will adopt chip-and-PIN technology in order to further increase credit card data protection during financial transactions.
Home Depot has apparently patched its security holes, and the company will contact consumers whose emails have been stolen to let them know about the situation.