Slashdot Mirror


Home Depot Says Hackers Grabbed 53 Million Email Addresses

wiredmikey writes Home Depot said on Thursday that hackers managed to access 53 million customer email addresses during the massive breach that was disclosed in September when the retail giant announced that 56 million customer payment cards were compromised in a cyber attack. The files containing the stolen email addresses did not contain passwords, payment card information or other sensitive personal information, the company said. The company also said that the hackers acquired elevated rights that allowed them to navigate portions of Home Depot's network and to deploy unique, custom-built malware on its self-checkout systems in the U.S. and Canada.


  1. brick and mortar stores by turkeydance · · Score: 2

    consistently reinforce their legacy retailing status.

    1. Re:brick and mortar stores by slazzy · · Score: 2

      I'm not sure that overpriced little 6" to 12" bits of plywood for crafts counts as buying wood online. I guess if you're into building dollhouses.

      --
      Website Just Down For Me? Find out
    2. Re:brick and mortar stores by SeaFox · · Score: 2

      You are aware the measurements of that wood are in inches right?

    3. Re:brick and mortar stores by frank_adrian314159 · · Score: 2

      I'll just hire some little people to dance around it once I'm done.

      --
      That is all.
  2. Home Depot is getting off cheap by hamjudo · · Score: 5, Interesting

    TFA says that Home Depot expects to pay "$62 million this year to recover from the incident", referring to exposing the details on 56 million credit cards. That's only $1.11 per exposed card. I used a credit card there during the period, so my Credit Union sent me a new card, plus two other physical letters about the incident. That had to cost them more than $1.11 per affected customer.

    1. Re:Home Depot is getting off cheap by xaotikdesigns · · Score: 2
      Did your credit union send the letters, or did Home Depot?

      Home Depot isn't paying for your card, and a letter isn't that expensive when you are buying office supplies in bulk.

      --
      XDInd
    2. Re:Home Depot is getting off cheap by BradMajors · · Score: 2

      Stolen credit card numbers are easily fixed. The thieves have stolen information which can be used for identity theft which is much much harder to fix.

    3. Re: Home Depot is getting off cheap by cdrudge · · Score: 2

      The cheapest first class metered mail for pre-sorted by 5 digit zip code is about $.38/letter. It's cheaper, but I wouldn't say "far cheaper". Standard class bulk mail (aka junk mail) goes cheaper, but can't be used for personalized correspondence, sending out replacement credit cards, etc.

  3. I would never give Home Depot my address... by mi · · Score: 5, Informative

    I do remember the face of a nice cashier lady in a rural Home Depot — she asked me to "sign up for free" and I refused. It genuinely offended her, though she remained professionally nice... Maybe, now she understands.

    And when you have to — or, despite the risks, want to — register with some company, always use an address like yourid+companyname-year@example.com. The nifty feature supported by most mail-servers will still deliver the message into your mbox, but you'll be able to block a particular address, when it gets stolen (or when the party you gave it to in the first place turns to spamming).

    GMail supports the feature, Yahoo! Mail might too.

    (Of course, owners of their own domains have the infinite supply of even nicer-looking addresses.)

    --
    In Soviet Washington the swamp drains you.
    1. Re:I would never give Home Depot my address... by wisnoskij · · Score: 2

      OK, and what is stopping someone from cropping out the tags?

      --
      Troll is not a replacement for I disagree.
    2. Re:I would never give Home Depot my address... by Quirkz · · Score: 2

      > always use an address like yourid+companyname-year@example.com.

      You don't think spammers can learn to strip out the characters between the + and the @ ? If I was a spammer, I'd do that automatically. Hell, I'd probably keep the original, but also create the stripped version, and then spam them both.

  4. LOL by Lunix+Nutcase · · Score: 4, Informative

    And they're a member of CurrentC who wants your bank account info, driver's license and SSN numbers. Who in their right mind would give the MCX or its member companies such info?

    1. Re:LOL by Anonymous Coward · · Score: 2, Insightful

      Exactly.

      Also, to give you an idea of how bad these companies are at security and modern computing: We have to deal with Home Depot for EDI at my workplace. Home Depot requires the use of a specific Internet Explorer version 9.xx and Java builds that are 2+ years old to access their online EDI system. We can't even update our own computers because they are still stuck in 2009.

      Don't give these people direct access to your bank accounts.

  5. Who Loses Their Executive IT Position? by BoRegardless · · Score: 2

    Seems like one of the jobs of IT departments for the last 10 years should have been to have their own surveillance software to be watching for activities that indicate software changes, moving of data, and added code that should be detectable so they can verify what is happening to their systems in near real time.

    1. Re:Who Loses Their Executive IT Position? by greenwow · · Score: 5, Interesting

      > moving of data,

      If FDR hadn't fought so hard in 1935 against adding a check digit, monitoring for SSNs over the network would be so much easier. Canadian SINs have check digits, so a couple of times we were able to detect suspicious file transfers. Yes, the US did a great job getting 25 million SSNs issued within three months, but we're still paying for that decision.
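
The check-digit point in the comment above, as an added example that is not part of the original thread: a Canadian SIN ends in a Luhn check digit, so an egress monitor can discard about nine in ten random nine-digit strings, whereas a pattern for US SSNs has to flag every one. The function names and sample text are constructed for illustration, and 046 454 286 is a constructed test value that passes the check.

```python
import re

# Nine digits, optionally grouped 3-3-3 with spaces or hyphens, and not
# embedded in a longer run of digits (phone numbers, card numbers, ids).
CANDIDATE = re.compile(r"(?<!\d)(\d{3})[- ]?(\d{3})[- ]?(\d{3})(?!\d)")

def luhn_valid(digits: str) -> bool:
    """Luhn check: double every second digit from the right, sum, mod 10."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0

def scan(text: str, require_check_digit: bool) -> list[str]:
    """Return normalized nine-digit hits found in text.

    require_check_digit=False models an SSN-style pattern (no check digit);
    True models a SIN-style pattern where Luhn filters the candidates.
    """
    hits = []
    for m in CANDIDATE.finditer(text):
        digits = "".join(m.groups())
        if not require_check_digit or luhn_valid(digits):
            hits.append(digits)
    return hits

def luhn_valid_count(start: int, count: int) -> int:
    """How many of `count` consecutive nine-digit values pass Luhn."""
    return sum(luhn_valid(f"{n:09d}") for n in range(start, start + count))

# Constructed sample of outbound data, not taken from any real system.
SAMPLE = (
    "order_id=123456789 status=shipped\n"
    "employee SIN 046-454-286\n"
    "invoice ref 046 454 287\n"
    "phone 555 010 9999\n"
    "payload:046454286;\n"
)

if __name__ == "__main__":
    print("pattern only :", scan(SAMPLE, require_check_digit=False))
    print("with Luhn    :", scan(SAMPLE, require_check_digit=True))
    print("valid per 1000 consecutive values:", luhn_valid_count(100000000, 1000))
```
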

    2. Re: Who Loses Their Executive IT Position? by cdwiegand · · Score: 2

      Actually, per the Patriot Act you have to give it to your bank. Your insurance company also needs it to report to the IRS that you are compliant with the ACA. Lots of people need it and have a legal reason for it, sadly.

      --
      . Define sqrt(x) as something really evil like (x / rand()), and bury it deep. Watch your coworkers go nuts.
  6. Re:Okay then by Anonymous Coward · · Score: 3, Informative

    Glad that's over!

    It's not over.

    Which part of "Microsoft product" did Home Depot not understand?

    According to an Oct. 1, 2013, report prepared for Home Depot by consultant FishNet Security, the retailer left its computers vulnerable by switching off Symantec’s Network Threat Protection (NTP) firewall in favor of one packaged with Windows.

    http://www.businessweek.com/ar...

  7. Re:Okay then by JDG1980 · · Score: 2

    > According to an Oct. 1, 2013, report prepared for Home Depot by consultant FishNet Security, the retailer left its computers vulnerable by switching off Symantec’s Network Threat Protection (NTP) firewall in favor of one packaged with Windows.

    No enterprise installation should ever be relying on individual client firewall software for network security. At best, that should be a second line of defense. It is the job of the perimeter firewall to handle these kinds of threats.

  8. Re:Home Cheapo (what my sister's always called it) by ColdWetDog · · Score: 4, Funny

    Paperboy?

    Bonus?

    Are these English words?

    --
    Faster! Faster! Faster would be better!
  9. Running Windows and offshoring to India by WindBourne · · Score: 2

    This will get you EVERY TIME.
    Yes, Home Depot offshored significant amounts of their admin. This allows India to work on the computers in the middle of the night. However, like Target, and the others, it enables ppl that have NO VESTED INTEREST in the company, or the nation, to have access to production.

    This will continue as long as companies continue to cheat.

    --
    I prefer the "u" in honour as it seems to be missing these days.