Stolen Vendor Credentials to Blame for Home Depot Breach

Another batch of 53 million email addresses was exposed as part of the September Home Depot breach after hackers used a vendor`s credentials, the retailer announced.

Hackers used passwords stolen from a third-party vendor to infiltrate Home Depot`s network, according to a press release. With high-level permissions, the hacker navigated portions of the network, found a vulnerability and planted custom-built malware on self-checkout systems in the US and Canada.

The stolen data is comprised of “partially public” email addresses.

“These files did not contain passwords, payment card information or other sensitive personal information,” Home Depot said.

The malware was designed to escape antivirus detection systems, the investigation revealed. As a result of the breach, the company has taken several extra security measures including enhanced encryption of the payment information collected in its US stores to avoid data scraping. The implementation in Canadian stores will be complete by early 2015, it added.

The retailer also embraced EMV technology, which is recognized to come with stronger security features than magnetic cards.