Just weeks after Home Depot's enormous data breach became public, new information reveals that 53 million customers' email addresses were also stolen.
According to analysts, the hack, which took place sometime between April and September of this year, is one of the largest data breaches to date, surpassing even the infamously massive breach of retailer Target.
In the attack, according to news sources, hackers used a custom malware strain that Home Depot IT security monitors were not familiar with. The breach allowed the hackers to access a vulnerability within the company's network, deploying the malware into the self-checkout systems in retail outlets across the US.
Eric Chiu, president and co-founder of cloud control comapany HyTrust said in an email to SCMagazineUK.com: “Home Depot's recent disclosure that a stolen vendor password was used to gain access into Home Depot's systems to steal 56 million credit cards and 53 million email addresses is yet another example that the biggest breaches are happening from the inside.”
He adds: “Insider threats are not only the number one cause of breaches but also lead to the biggest damage; this is because once on the network, an outside attacker looks like any other employee and can take their time siphoning off data without being seen. Also, as we have seen from other high-profile breaches, data is the new currency -- not only are attackers looking to use credit cards to make fraudulent charges, but also use email addresses for phishing attacks in order to trick consumers into providing more information or install spyware on their computers. This is the tip of the iceberg -- unless companies put security as a top priority, especially around insider attacks, these attacks will continue to happen and consumers will continue to lose.”
Though Home Depot is adamant that no passwords or other sensitive personal data was compromised, it has issued a warning to its customers to be on the lookout for continued phishing scams, and those whose cards were affected will be offered credit monitoring.
According to Home Depot representatives, the incident is still undergoing investigation.