The massive security breach Home Depot went public with in September didn't stop at 56 million credit cards. The country's biggest home-improvement retailer announced yesterday that hackers also stole 53 million email addresses—though not passwords or other personal info. Still, the company said customers should be on the lookout for phishing scams that try to get people to disclose personal details, reports the AP.
Hackers reportedly stole a third-party vendor's login credentials to access Home Depot's network and install malware on self-checkout registers that then accessed the credit card and email data. It was designed to evade antivirus software, but Home Depot says the malware has been "eliminated," reports USA Today. The security breach was bigger than Target's in 2013, which exposed 40 million credit and debit cards. Michaels, SuperValu, and Neiman Marcus have also been targeted in similar but smaller breaches. Home Depot's stock rose 5 cents yesterday, while shares have gained 18% this year. It's due to announce fiscal third-quarter results on Nov. 18. (Home Depot previously announced its customers won't be liable for fraudulent credit card charges.)