It said hackers accessed its network with a vendor's username and password between April and September.
The company had previously revealed that 56 million debit and credit card details were also stolen in the hack.
Analysts say it is one of the largest data breaches on record, surpassing a similar incident at retailer Target.
Home Depot insisted on Thursday that the file containing the email addresses did not contain passwords or other sensitive personal information.
But it warned customers to be on guard against further phishing scams that might trick them into sharing personal information.
Customers that have been affected in the US and Canada will be notified and offered credit monitoring, the company added.
The latest update came just weeks after Home Depot disclosed the data breach, saying 56 million credit and debit card details were taken.
The company said it was still investigating the incident.
It follows a similar case involving Target, another US retailer, which was targeted by hackers in December 2013.
Target said payment and personal data from as many as 70 million customers was taken.