Home Depot hack even worse: 53 million email addresses stolen, too
Watch your inbox for emails from Home Depot. And treat them as potentially radioactive.
Home Depot on Thursday disclosed that the massive hack it attack it discovered earlier this year is even bigger than previously thought. Computer criminals who stole 50-million-plus credit card account numbers also managed to take 53 million email addresses from the firm's computers, Home Depot disclosed in a press release. The firm says hackers took a file with the email list, but didn't get passwords or other sensitive information.
Risks from compromised email addresses are considerably less than risks from stolen payment card data. Still, the stolen data will be a treasure trove for spammers, and will almost certainly be used for highly targeted criminal phishing attacks. It would be trivial for hackers to email customers already concerned about stolen credit card data with a note that appears to come from Home Depot, requesting even more personal information. As is good Internet hygiene anyway, don't click on any links in emails, and don't fill out any forms on web pages unless you type your way to them directly through a browser address bar.
Here's more from Home Depot, which to its credit has posted a notice about the email leak right on its home page.
Criminals used a third-party vendor's user name and password to enter the perimeter of Home Depot's network. These stolen credentials alone did not provide direct access to the company's point-of-sale devices.
The hackers then acquired elevated rights that allowed them to navigate portions of Home Depot's network and to deploy unique, custom-built malware on its self-checkout systems in the U.S. and Canada.
In addition to the previously disclosed payment card data, separate files containing approximately 53 million email addresses were also taken during the breach. These files did not contain passwords, payment card information or other sensitive personal information. The company is notifying affected customers in the U.S. and Canada. Customers should be on guard against phishing scams, which are designed to trick customers into providing personal information in response to phony emails. Information about how to avoid phishing and other email scams is available by typing https://www.onguardonline.gov/articles/0003-phishing into your web browser.