UPDATE 2-Home Depot says about 53 mln email addresses stolen in breach
* Says hackers used 3rd-party vendor details
* Reaffirms 2014 sales, profit outlook (Adds details, expert comments)
By Devika Krishna Kumar
Nov 6 (Reuters) - Home Depot Inc, the world's largest home improvement chain, said about 53 million email addresses were stolen during a recent breach of its payment data systems, in addition to some 56 million payment cards previously disclosed by the retailer.
The company, which confirmed the theft in September, said the stolen files that contained the email addresses did not include passwords, payment card information or other sensitive personal information.
Home Depot, which had estimated that the breach would cost about $62 million, was one of a string of U.S. retailers attacked by hackers over the past year.
Criminals used a third-party vendor's user name and password to enter the perimeter of its network, Home Depot said in a statement on Thursday.
The hackers then acquired "elevated rights" that allowed them to navigate parts of Home Depot's network and to deploy unique, custom-built malware on its self-checkout systems in the U.S. and Canada, according to the company.
Home Depot said the stolen credentials did not alone provide direct access to the company's point-of-sale devices. Continued...