Target Hack Possibly Started With Vendor Credential Theft

Much has already been said and written about the Target hack which occurred over the holiday season. The retailer itself had confirmed that it had been the victim of a security breach, and soon after, another retailer confirmed the same. Security researchers are of the view that multiple U.S. retailers were attacked during the same period, using one form or the other of the same malware that a Russian teenager is believed to have written. Federal Authorities including the U.S. Secret Service are investigating, and Target reveals that the wheels might have been put in motion when credentials from one of its vendors were stolen.

A spokeswoman for Target said that the ongoing forensic investigation indicates that intruders stole a vendor’s credentials, which were then used to access its systems. The company has not elaborated exactly what type of credentials were stolen, and from which vendor. The data leak resulting from this attack affects over 70 million Target customers, and in a bid to extend an olive branch, the retailer has already announced that it will offer one year of credit monitoring and identity theft protection to affected customers absolutely free. Earlier this week U.S. Attorney General Eric Holder confirmed that the Justice Department is also investigating the Target hack.

Adnan Farooqui
Categories: General
Tags: Hacking, target