As we discussed back in September, Home Depot faced a serious breach of its computer systems in which hackers took credit card information for over 56 million customers. Now the company has admitted that in addition to the credit card information, customers email addresses were taken – 53 million of them.
So what does this mean? While only the email addresses were accessed, this information alone allows hackers to use them to try and gain the passwords from those users though the use of a phishing attack – a common practice where a user receives a legitimate looking email asking them to login to verify their password or other information. The verification sites the users are taken to however are made to look like a legitimate service or retailer that user may have an account on, but when the user “verifies” their password, it is then recorded and hackers can then use that information to try and access other websites and services the user may use. Because many users use a common password across many websites and accounts, this could potentially be a big deal for those users.
Home Depot also reported on the source of the hack. They have determined that the offender used the user name and password of one of its vendors to access the system, and then proceeded to hack into other areas including the cash register systems (presumably where they accessed the credit card information), and a database of customer emails. Home Depot has since increased it’s data security, but that is most likely little consolation to those who had their information taken from their system.
What do you think about this recent spree of high profile retail company data breaches? Let us know in the comments below, or on Facebook, Google+ or Twitter.Source: The New York Times