Home Depot admitted today that hackers really did breach the company's payment systems in US and Canadian stores and may have been breaking in since April, the Wall Street Journal reports. The Atlanta-based home-improvement chain said it investigated the hack with banks, law enforcement, and tech security companies like Symantec. The company promised that no customers would end up paying "fraudulent" charges, but it didn't say how many accounts were hacked or how long the hackers had access to the system, the Atlanta-Journal Constitution reports.
Krebs on Security, which broke both the hack and the probe results, reports that the same hackers who got their hands on 40 million Target customer accounts last year may have struck Home Depot. They used a variation of the same software, BlackPOS (or "Kaptoxa"), which was invented by a Russian teenager two years ago. What's more, Home Depot customer card numbers have already shown up on the black-market cybercrime website Rescator.cc, where millions of cards from the Target hack were sold. Designed to breach point-of-sale systems that use Windows, BlackPOS can disguise itself as part of the system's antivirus software, reports Trend Micro. (More Home Depot stories.)