As part of the cleanup from the Home Depot data breach, senior executives were issued “new, secure iPhones and MacBooks” after the breach was discovered to be the result of a Windows vulnerability. 9to5Mac reports on the specifics mentioned in a Wall Street Journal piece that breaks down the events leading to the largest retail breach on record (as of now).
Similar to the breach at Target, Home Depot was hacked by someone who stole a password from a vendor, which provided access to a system that wasn’t very well segregated from the rest of Home Depot’s network, allowing the hacker to gain access to “more secure” Home Depot data, including not just 56 million credit card accounts, but a bonus 53 million email addresses.
Specifically this access was obtained using a vulnerability in Windows, which Microsoft promptly released a patch for. However, since hackers were already inside, it did no good. Self-checkout lanes were targeted, and the malware installed on those remained there for five months.
For more information about the timeline of the hack and how it was discovered, check out the Wall Street Journal article about the conclusions from Home Depot, security personnel, and law enforcement.
The Mac Observer Spin
It’s interesting to me how this happened, and how one of the first steps taken to counteract the Windows vulnerability was to use a Mac. It was nice to get to read the breakdown of the findings and the timeline of the breach, sometimes with retailers that information doesn’t ever come out, so I’m glad to see it made a splash. I have nothing against Home Depot, but I hope with the advent of Apple Pay and “chip and sign” credit cards, Home Depot manages to hold on to this auspicious record for a very long time. I’d really like some time to recover from my breach fatigue.