This article originally appeared on The Next Web
As if the idea of 56 million credit cards being accessed by hackers during the Home Depot security breach wasn’t enough, now the company is saying that the hackers got 53 million email addresses.
Today the chain hardware and lumber store announced that hackers accessed more than just credit card data during a series of breaches that went on between April and September of this year. Home Depot says that customers will be contacted about the breach and warns customers to be aware of phishing scams.
You know, like one from “Home Depot” that has a link to change your password. Don’t click on that.
The company noted that passwords were not compromised during the breach.
In a statement about the hacks the company noted:
Criminals used a third-party vendor’s user name and password to enter the perimeter of Home Depot’s network. These stolen credentials alone did not provide direct access to the company’s point-of-sale devices.
While email addresses are normally less valuable than payment card information, if it turns out that passwords were leaked, access to an email address gives hackers free reign over any type of service that’s connected to that address.
If you’ve ever shopped at Home Depot or Home Depot’s site, it’s probably a good idea to change your email password. Just in case.