An investigation of this year's Home Depot hack reveals it wasn't just millions of credit card numbers that were stolen – millions of email addresses were pilfered, too.
Along with the 56 million or so credit card numbers stolen from Home Depot earlier this year, investigators said that more than 53 million email addresses were taken.
A joint investigation of law enforcement officials, Home Depot representatives and independent security analysts found that no "passwords, payment card information or other sensitive personal information" was held in the stolen files which contained the customer email addresses. The investigation report detailed how the hack occurred. Similar to the Target breach last year, the attackers used the stolen log-in credentials of a third-party Home Depot vendor to access the company's internal network and install custom malicious software on self-checkout machines.
The company has notified the American and Canadian owners of the affected email addresses, although there was no legal requirement to do so. Home Depot said it issued the warning in hopes of preventing its customers from falling victim to phishing attacks, a common use of stolen email addresses. Home Depot said it doesn't expect further updates on the breach. A request for comment was not immediately returned. The breach is one in a long string of high-profile hacks against major US retail and restaurant chains.
Last year, hackers behind the Target attack stole around 40 million credit card numbers and the personal information of another 70 million people. Arts and crafts retail chain Michaels Stores, department store Neiman Marcus and the P.F. Chang's restaurant chain all announced this year they had been hacked, too, with credit card information the goal of the attacks. The Home Depot is not the only company, which couldn't protect itself from attcks, earlier 90 JPMorgan servers were compromised.