Home Depot Hackers Nab 53 Million Email Addresses

Home Depot on Friday disclosed additional details of the breach we first heard about earlier this year, revealing that the hackers also accessed files containing 53 million email addresses.

These files did not contain passwords, payment card information, or other sensitive personal information, Home Depot said. The company is now in the process of notifying affected customers, who can sign up for free identity protection and credit monitoring services at Home Depot's expense.

Home Depot in September first acknowledged that attackers had compromised the point-of-sale terminals used at its self-checkout counters, and stole 56 million unique payment card numbers.

Affected individuals should be on guard against phishing scams, which are designed to trick you into handing over your personal information in response to phony emails.

Home Depot said the hackers somehow obtained a third-party vendor's username and password, and used those credentials to enter its network. The stolen credentials alone did not, however, provide direct access to the Home Depot's point-of-sale devices.

View all Photos in Gallery

The hackers then managed to acquire elevated rights, which allowed them to break into more restricted portions of the network and plant custom-built malware on the company's self-checkout systems in the U.S. and Canada.

The malware had not been seen in any prior attacks and was designed to evade anti-virus software. As of Sept. 18, the hackers' method of entry was closed off and the malware eradicated from the company's system.

Following the breach, Home Depot implemented enhanced encryption technology in all its U.S. stores. The technology essentially locks down payment card data, scrambling it to make it unreadable and virtually useless to hackers.

The exploit used in the Home Depot hack, known as Backoff malware, also hit a number of high-profile retailers like Target, Dairy Queen, Kmart, Jimmy John's, P.F. Chang's, and Goodwill. Unfortunately, Backoff shows no signs of slowing down: Network security firm Damballa detected a 57 percent rise in infected devices in August, and that number grew another 27 percent in September.

Meanwhile, a survey of more than 1,000 U.S. consumers, released this week by RSA in conjunction with the Ponemon Institute, found that nearly half of respondents had fallen victim to at least one data breach. Forty-five percent said they are not confident that they are aware of all the times their personal information was leaked.

If you're a JPMorgan Chase customer, you might want to check on your info. A cyberattack on the bank this summer compromised the personal information of 76 million households and 7 million small businesses, making it one of the largest data breaches ever. For more, see the video below.

About Our Expert

Angela Moscaritolo

Managing Editor, Consumer Electronics

My Experience

I'm PCMag's managing editor for consumer electronics, overseeing an experienced team of analysts covering smart home, home entertainment, wearables, fitness and health tech, and various other product categories. I have been with PCMag for more than 10 years, and in that time have written more than 6,000 articles and reviews for the site. I previously served as an analyst focused on smart home and wearable devices, and before that I was a reporter covering consumer tech news. I'm also a yoga instructor, and have been actively teaching group and private classes for nearly a decade.

Prior to joining PCMag, I was a reporter for SC Magazine, focusing on hackers and computer security. I earned a BS in journalism from West Virginia University, and started my career writing for newspapers in New Jersey, Pennsylvania, and West Virginia.

The Technology I Use

My little Florida beach bungalow is brimming with smart home tech. I have a smart speaker or display in every room, allowing me to control other connected devices by voice. The Nest Hub on my bedside table lets me set wake-up alarms, control my smart light bulbs, and set the temperature on my smart thermostat. I use the Amazon Echo Show 8 on my kitchen counter to browse recipes, reorder protein powder, check the weather, and watch the news while I do dishes.

Because I suffer from allergies, air purifiers are essential. My favorite model is the Dyson Purifier Cool TP07, which doubles as a fan and continuously sends indoor pollution data to its companion mobile app.

My pitbull Bradley sheds, so a good robot vacuum is a must. I currently use a premium Ecovacs Deebot that can both vacuum and mop, empty its own dustbin, and wash its own mop cloth.

For fitness, I like to mix up my routine with cycling, indoor rowing, running, and strength training in addition to yoga. I take classes on the Tonal 2 smart strength training machine, I row indoors on an Aviron machine, and track my beach runs with an Apple Watch while listening to music on my Apple AirPods Pro. On the weekends, I love riding e-bikes like the rugged, beach-friendly Aventon Aventure for fun and fitness.

My job involves a lot of virtual meetings, so a quality webcam, microphone, and ring light are important. I use the Jabra PanaCast 20 webcam, the Elgato Wave: 3 microphone, and a Yesker tripod ring light.

As for my preferred phone platform, I'm an iPhone person, but I've also extensively used Android for product testing.

Read the latest from Angela Moscaritolo

Read full bio