Home Depot: Hackers Used 3rd-Party Vendor's Password to Steal 53M Emails, Payment Card Data

It’s important for Home Depot customers to be on guard against phishing scams, which involve emails designed to trick customers into providing personal information.

Cyberthieves used a “third-party vendor’s user name and password” to break into Home Depot’s network and steal 53 million email addresses in the breach that occurred earlier this year, the nation’s largest home-improvement store announced Thursday in an update.
“These files did not contain passwords, payment card information or other sensitive personal information,” Home Depot said. “The company is notifying affected customers in the U.S. and Canada.”
But it’s important for Home Depot customers to be on guard against phishing scams, which involve emails designed to trick customers into providing personal information. The emails may be disguised as coming from a legitimate source, such as a bank or retailer.
As previously disclosed, the malware used in the attack “had not been seen in any prior attacks and was designed to evade detection by antivirus software,” according to Home Depot’s security partners. The malware is believed to have been present between April and September 2014.
Home Depot said Thursday that hackers acquired “elevated rights” that allowed them to navigate portions of Home Depot’s network and to “deploy unique, custom-built malware on its self-checkout systems in the U.S. and Canada.”

In September, Home Depot finally put a number on the scope and reach of the data breach that hit its U.S. and Canadian networks — approximately 56 million unique payment cards.
Home Depot has said it has implemented enhanced encryption of payment data in all U.S. stores.
“The new security protection locks down payment card data, taking raw payment card information and scrambling it to make it unreadable and virtually useless to hackers,” Home Depot said.
Home Depot’s encryption technology, provided by Voltage Security, Inc., has been tested and validated by two independent IT security firms, the retailer said.

One thought on “Home Depot: Hackers Used 3rd-Party Vendor's Password to Steal 53M Emails, Payment Card Data”

  • November 9, 2014 at 9:08 pm

    Using a strong password does help a lot even against the attack of cracking the leaked/stolen hashed passwords back to the original passwords. The problem is that few of us can firmly remember many such strong passwords.  We cannot run as fast and far as horses however strongly urged we may be. We are not built like horses.
    At the root of the password headache is the cognitive phenomenon called “interference of memory”, by which we cannot firmly remember more than 5 text passwords on average. What worries us is not the password, but the textual password. The textual memory is only a small part of what we remember. We could think of making use of the larger part of our memory that is less subject to interference of memory. More attention could be paid to the efforts of expanding the password system to include images, particularly KNOWN images, as well as conventional texts.
