SAN FRANCISCO — There are two tracks to finding the identity of a company that has been hit by cybercriminals. Both of them involve going backward.

Over the last few days, thousands of fresh credit and debit card numbers have surfaced on so-called carding sites, which are websites where stolen credit card data is sold. On those sites, Eastern European hackers are selling the stolen account information of people in cities as distant as Mission Viejo, Calif., and Hanover, N.H. They are charging as much as $50 per card.

Bank employees, fraud detectives at computer security companies and law enforcement officials are tracing the path taken by the stolen cards, tracking the source of what appears to be the latest in a series of major data breaches that the Secret Service and the Department of Homeland Security believe has affected more than 1,000 American retailers.

So far, all roads point back to Home Depot. And if the evidence uncovered so far proves to be valid, the hack could top the record-setting breach of Target’s network last December.