Home Depot confirms 53 million email addresses stolen, blames Windows

Home Depot (NYSE:HD), which suffered a data breach that compromised 56 million payment cards, has added 53 million email addresses to the list of items stolen in the breach.

Cyber criminals used a third-party vendor's user name and password to enter the perimeter of Home Depot's network, but were unable to gain access to the retailer's POS terminals.

The hackers were able to acquire elevated rights that allowed them to navigate portions of Home Depot's network and to deploy unique, custom-built malware on its self-checkout systems in the United States and Canada.

Hackers were also able to access separate files containing approximately 53 million email addresses. These files did not contain passwords, payment card information or other sensitive personal information, but Home Depot customers are being notified to be on the lookout for phishing emails and scams.

Home Depot believes the malware used in this attack has not been seen in any prior attacks and was designed to evade anti-virus detection. The point of entry has since been closed off, according to the company, but malware was running for five months on the retailer's POS terminals, gathering data.

But while Target's famous data breach in the fall of 2013 was traced to a third-party vendor and more recent cyber attacks were credited to more widely deployed malware, Home Depot is pointing to a security flaw in Microsoft Windows, according to the Wall Street Journal.

During the investigation, an IT officer purchased MacBooks and iPhones for Home Depot executives in an effort to thwart hackers. The move has led to some speculation that Microsoft's hold on corporate accounts may be loosening, according to GeekWire.

In the meantime, Home Depot has implemented enhanced encryption of payment data and is rolling out EMV technology.

For more:
- See this Home Depot statement
- See this Bloomberg News report
- See this GeekWire story
- See this Wall Street Journal story
