Home Depot Breach Also Leaked 53 Million E-Mails

The Home Depot breach was worse than earlier believed. Beyond the previously disclosed payment-card data that was leaked in the attack, separate files containing about 53 million e-mail addresses were also captured.

"Criminals used a third-party vendor's user name and password to enter the perimeter of Home Depot's network," Home Depot said in a statement Thursday. "These stolen credentials alone did not provide direct access to the company's point-of-sale devices. The hackers then acquired elevated rights that allowed them to navigate portions of Home Depot's network and to deploy unique, custom-built malware on its self-checkout systems in the U.S. and Canada."

Too Many Blind Spots

The Home Depot breach shows that there were too many blind spots to prevent an attack, said Aviv Raff, CTO and co-founder of advanced threat protection firm Seculert. In this case, he told us, the attacker was able to jump from a third-party, vendor-specific environment to the corporate environment using a zero-day vulnerability in Microsoft Windows.

"It also took Home Depot over five months to detect the attack. If you can not only evade detection on the way in, but live there for five months, it's more like a blind cavern than a blind 'spot'," Raff said.

As he sees it, this is mainly because Home Depot, like other retailers that have been breached, was more focused on trying to prevent an attack than on trying to detect an active compromise. He now reports seeing more and more enterprises moving toward early detection of compromised devices within their networks, before an incident becomes a breach.

Supply Chain Ripe for Attack

We turned to TK Keanini, CTO at network security firm Lancope, to get his thoughts on the news. He told us that if you look at the classic model that makes up a retail system, the attacker is just going after weak access vectors.

