Hackers could have exploited a vulnerability in Home Depot's payment interface to steal customer payment information, a Bitdefender reseracher said, though it's more likely they broke into the company's storage facilities to steal credentials linked with a potential breach.

Since Home Depot's payment interface, https://secure2.homedepot.com, is SSL-secured, there is a "higher probability" attackers gained access through the latter attack method, researcher Marius Doroftei said in a Wednesday blog post.

A large number of payment cards, suspected as being tied to Home Depot, surfaced on an underground marketplace,  prior to the company launching an investigation. Initial reports speculate that all of the company's 2,200 stores could be impacted, and the unauthorized access might date back to late April or early May.

While Home Depot investigates, it reassured customers that they wouldn't be responsible for fraudulent charges if a breach did occur.