Target traces security breach to stolen vendor credentials

Summary:The hackers who stole millions of credit card numbers from Target have been tracked back to electronic credentials stolen from a vendor.

Screen Shot 2014-01-30 at 09.50.54

Target's investigation of the massive security breach which allowed hackers to take millions of credit and debit card numbers has revealed a stolen vendor's credentials as a source of access.

Speaking to the Wall Street Journal, spokeswoman Molly Snyder confirmed that "ongoing forensic investigation has indicated that the intruder stole a vendor's credentials which were used to access our system."

While Target has not revealed how the credentials were stolen or which particular outlet was at fault, the firm did say the particular portal now has limited access to its computer systems while the investigation continues. Target's systems are accessible from a number of outlets and many different platforms could be at fault. For example, two systems -- a human resources website and supplier database -- had access restricted shortly after the attack was discovered, but Target said the hackers used a system which was not related to payment areas.

It is not yet known how the hackers moved from an unrelated platform to Target's point-of-sale devices.

Meet the 'Spy Smurfs': Here's how the NSA, GCHQ target iPhones, Android devices

Meet the 'Spy Smurfs': Here's how the NSA, GCHQ target iPhones, Android devices

According to the latest Snowden leaks, Britain's GCHQ can remotely control iPhones and Android devices using "targeted" tools. Meanwhile, the NSA can tap "leaky" apps to determine a person's age and location, and in some cases even their sexual orientation and political views.

Large firms usually have access to far more security-related resources than small vendors and firms that piggy-back on their systems -- whether as part of a supply chain or as a provider of third-party software. As a result, cybercriminals are known to break in to smaller systems with less protection in order to access larger, more lucrative networks. In this case, Target's networks were infiltrated through a third party, allowing the hackers to move through Target's systems to steal valuable credit card information.

The cyberattack, taking place from November 2013, lifted roughly 40 million credit and debit card records from the US. retailer, as well as approximately 70 million records containing information such as addresses and mobile numbers. While Target is working with the U.S. Secret Service and FBI to track down the culprits, the stolen data has been floating around black markets for weeks , according to a report on Krebs on Security.

The stolen data can be purchased as "dumps," data that can be used to clone debit and credit cards to use them in stores. If PIN codes are included within the data dumps, then criminals can also use the clones to take cash from bank accounts using ATMs.

Target is not the only recent high-profile target of data thieves. Last week, U.S. retailer Neiman Marcus Group admitted its own security breach , which resulted in the credit card scraping of 1.1 million customers. Malware on the company's systems was discovered on Jan. 1, and it is believed was able to collect payment card data from July 16 to Oct. 30 last year.

Topics: Security

About

Charlie Osborne, a medical anthropologist who studied at the University of Kent, UK, is a journalist, freelance photographer and former teacher. She has spent years travelling and working across Europe and the Middle East as a teacher, and has been involved in the running of businesses ranging from media and events to B2B sales. Charli... Full Bio

zdnet_core.socialButton.googleLabel Contact Disclosure

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.