Industry News

Stolen Vendor Credentials to Blame for Home Depot Breach

Mozilla Developer Site Leaks 76,000 User Email Addresses

Mozilla Developer Site Leaks 76,000 User Email AddressesAnother batch of 53 million email addresses was exposed as part of the September Home Depot breach after hackers used a vendor’s credentials, the retailer announced.

Hackers used passwords stolen from a third-party vendor to infiltrate Home Depot’s network, according to a press release. With high-level permissions, the hacker navigated portions of the network, found a vulnerability and planted custom-built malware on self-checkout systems in the US and Canada.

The stolen data is comprised of “partially public” email addresses.

“These files did not contain passwords, payment card information or other sensitive personal information,” Home Depot said.

The malware was designed to escape antivirus detection systems, the investigation revealed. As a result of the breach, the company has taken several extra security measures including enhanced encryption of the payment information collected in its US stores to avoid data scraping. The implementation in Canadian stores will be complete by early 2015, it added.

The retailer also embraced EMV technology, which is recognized to come with stronger security features than magnetic cards.

About the author

Alexandra GHEORGHE

Alexandra started writing about IT at the dawn of the decade - when an iPad was an eye-injury patch, we were minus Google+ and we all had Jobs. She has since wielded her background in PR and marketing communications to translate binary code to colorful stories that have been known to wear out readers' mouse scrolls. Alexandra is also a social media enthusiast who 'likes' only what she likes and LOLs only when she laughs out loud.