Home Depot says attackers stole a vendor’s credentials to break in

Home Depot has shed more light on a recent data breach that compromised 56 million payment cards, saying hackers used login credentials belonging to another company to access its network. It also revealed that 53 million email addresses were also stolen.

The stolen login credentials didn’t provide direct access to its point-of-sale terminals, Home Depot said. But once inside, the hackers gained “elevated rights” that allowed them to navigate to other parts of its network and install their malware on self-checkout systems in the U.S. and Canada.

The retailer didn’t identify the third-party vendor that was compromised. A Home Depot spokesman said the attack is still under investigation and the company could not comment further.

To read this article in full or to leave a comment, please click here