Hackers Ravaged A US Retailer With A Stolen Password

Hackers Ravaged A US Retailer With A Stolen Password

Earlier this year, Home Depot in the US which was traced to a heating company — Home Depot was infiltrated by custom malware and passwords stolen from a third party vendor.

An article in the Wall Street Journal has lots of new information about the hack, including the fact that the attackers made entry by stealing a vendor’s username and password to get into Home Depot’s payment system. In addition, we now know 53 million email addresses were stolen. Before all we knew was that 56 million had been exposed.

The weak point was a Windows vulnerability that allowed hackers to access the Home Depot system through a vendor’s connection and start collecting proprietary sales information. Turns out Home Depot’s system was a little too exposed to vendors who didn’t have as much security as maybe they should have.

Microsoft did issue a fix for the bug in Windows, but it came too late; by then the hackers were already able to move freely through the system. The attack focused specifically on the self-service checkout systems, about 7,500 of which are found in stores nationwide. For about five months the hackers collected data undetected, mostly because the malware was written to erase itself without a trace. [WSJ]


The Cheapest NBN 50 Plans

It’s the most popular NBN speed in Australia for a reason. Here are the cheapest plans available.

At Gizmodo, we independently select and write about stuff we love and think you'll like too. We have affiliate and advertising partnerships, which means we may collect a share of sales or other compensation from the links on this page. BTW – prices are accurate and items in stock at the time of posting.