Home Depot Inc. announced Thursday that hackers who broke into its computer network April this year took 53 million email addresses along with payment card details of millions of customers.
The hackers stole a vendor's log-in credentials and used it to get into the systems. They installed a custom-built malware that helped steal the customer payment-card data as well as email addresses of millions of customers, USA Today reports.
This malware was capable of dodging antivirus software and eliminate it, Home Depot officials said.
The officials further said that the malware had not been seen in any previous data thefts and was installed on self-checkout registers that were hacked.
According to Wall Street Journal, the retailer said that the breach was worse than it was previously estimated. As many as 56 million credit-card accounts were hacked; and now, the Home Depot officials revealed that in addition to that around 53 million customer email addresses were also stolen, the New York Times reports.
The hackers had penetrated into the company's heating and cooling management company. The addresses are by default semi-public and Home Depot warned its customers that the hackers might trick them in revealing more information.
Two months of investigations revealed the enormity of the breach, which the retailer unveiled Thursday. Target Corp. had also fallen prey to a similar theft last year, in which the hackers were able to gain access through a Pennsylvania-based refrigeration contractor's electronic billing account.
Computer-security experts have criticized the retailers for having failed to protect such sensitive information on their networks. Target Corp. made some changes to its network, while Home Depot believed that its design had no flaws, sources said.