14 DAY TRIAL // The investigation in the Home Depot security breach that was discovered at the beginning of September revealed that about 53 million email addresses of customers had also been stolen, in addition to the 56 million payment card records previously disclosed.
Until now, details from the ongoing investigation of the event showed that initial illegal access to the Home Depot network was obtained by compromising a third-party’s username and password; the next step was to gain escalated privileges and move through the network.
This allowed them to infiltrate a piece of malware that was believed to be BlackPOS at the beginning. However, although the threat used by the attackers has not been officially confirmed, malware analysts say that a different family may have been used, on account of the many differences found in the way it operates.
Phishing is the biggest threat for affected individuals
Josh Grunzweig, security consultant at Nuix, caught the dissimilarities between the threat used at Home Depot and BlackPOS in an article published in September.
According to a statement from the company on Thursday, the 53 million email addresses fallen in the hands of the intruders were not associated with other information, such as passwords, payment information or personal customer details.
Home Depot already initiated the process of notifying the affected individuals that their addresses are now unprotected.
“The biggest threat to users who have had their e-mail stolen is the threat of phishing. Spear phishing tactics utilizing the knowledge that the e-mail addresses belong to Home Depot customers is a likely outcome, resulting in millions of people potentially receiving fake e-mails claiming to be from Home Depot requesting either the opening of an infected / malicious file or requesting login credentials,” said via email Adam Kujawa, head of Malware Intelligence at Malwarebytes Labs.
Home Depot also warns of this risk, advising its customers to pay close attention to suspicious emails that could trick them into disclosing personal information.
Spam is the gentler alternative
Spam is the other alternative for using the stolen email database. Cybercriminals could also sell the huge batch of email addresses to entities that need to gain better visibility on the market.
Kujawa said that in the case of phishing, the attackers could take advantage of the fact that credit card numbers have also been exfiltrated during the incident, and create convincing messages.
The total costs supported by Home Depot as a result of this security breach incident are estimated at $62 / €50 million in an initial stage, with more money likely to be spent later on.