An investigation found that 53 million customer email addresses were taken during the breach, in addition to the compromise of 56 million credit and debit cards the company had previously disclosed. The hackers got into Home Depot’s systems by stealing the username and password of a third-party vendor, the company said Thursday. A spokesman would not give any details about the vendor. The stolen username and password did not give the criminals direct access to Home Depot’s payment system. But it did give the hackers access to a part of the company’s network from where they could deploy malware on self-checkout systems in stores in the U.S. and Canada. The malware was a custom strain that Home Depot’s security team had never seen before. The card readers that were affected have since been removed from stores. The company is also beefing up its payment data encryption capabilities and taking other security measures.