The Home Depot hack was even worse than authorities originally thought, according to a new report. Along with compromising 56 million credit-card accounts, the hackers also exposed 53 million customer email addresses.

Two months ago, the hackers accessed the retailer’s system through usernames and passwords they stole from a refrigeration contractor’s electronic billing account. Target and other companies have been infiltrated in a similar fashion. Authorities who investigated the Home Depot incident revealed the full scope of the hack to the Wall Street Journal on Thursday.

The Home Depot hackers took aim at 7,500 of the company’s self-checkout lanes. The software hid itself for five months, collecting data and transmitting it to an outside system.

[WSJ]

Write to Eliana Dockterman at eliana.dockterman@time.com.