53M emails breached in massive Home Depot hack

ATLANTA, Nov. 7 (UPI) -- Hackers swiped an astonishing 53 million email addresses at Home Depot — in addition to customer data for 56 million credit cards, which the company had previously revealed.

Passwords and payment card information were not accessed in the email hack, said Home Depot, but addresses can be used effectively in scams or to trick people into revealing more sensitive information.

The crooks used a third-party vendor's user name and password to get into the system and then obtained "elevated rights" to more sensitive data in the biggest-ever retail breach. The strategy was similar to the one used at Target, where hackers gained access last year via a refrigeration contractor's electronic billing account.

In a new twist, they installed malware on self-checkout registers, USA Today reported.

Retailers have been slammed by security experts for failing to isolate sensitive sections of their networks from those more easily accessible to outsiders. "If we rewind the tape, our security systems could have been better," said just retired chief executive Frank Blake.

The company has estimated the attack will cost some $62 million.

Since the attack last April, Home Depot has instituted enhanced encryption of pay data.