Target: PINs taken but not plundered

  • Article by: Jennifer Bjorhus , Star Tribune
  • Updated: December 27, 2013 - 11:49 PM

The personal identification numbers snatched by hackers were heavily encrypted, retailer says.

  • 45
  • Comments

  • Results per page:
bubzkiDec. 27, 1311:39 AM

PIN = Personal Identification Number, not Personal Identification Number Number. Please, PIN, not PIN number.

14
32
cynic17Dec. 27, 1311:44 AM

And we are just supposed to trust what Target says???? Changed my PIN on my cards as soon as I heard about the breach. I biggest concern is still how this breach happened for so many days before it was discovered.

36
6
dorkeemnDec. 27, 1311:46 AM

It happens at Target and it's a story for days. It happens at a gas station and it's a story for 1 hour. The biggest question - How did the POS devices get infected? Was the malware on them when they were installed? Or did someone hack them after the fact and install it?

36
1
llsDec. 27, 1311:51 AM

JP Morgan/Chase is replacing all consumer debit cards, as announced last week-end. Consumer Reports also recommends that anyone who used their debit card at Target during the period of the hacking should replace their cards. Debit cards are tied to checking accounts. I wouldn't believe a thing Target says in the lame attempt to cover up a serious security breach. To me it reflects a very weak and possibly understaffed IT and cyber security staff. It's all going to come out in the Congressional hearings and Department of Justice investigations. Target Corp seems to be looking more foolish, irresponsible and dishonest every day.

23
23
blorangeDec. 27, 1311:55 AM

These PINs are not safe. There are two limiting factors in cracking any encryption key. One is hashes / second, how quickly you can retry the problem. The second is actually verifying that the result you got was the correct one. In this case the 1st factor is meaningless, you can try infinite times on your own computer. The 2nd factor is what's important here. In theory, a 4 digit PIN could be anything, so there is no good way of checking that you have the correct one. However, people tend to select memorable digits for their pins, which means that a significant portion of the pins will line up with the given owner's birthdays, ssn, whatever, when you've found the correct hash. It's possible to make attacks like this less efficient by 'salting' the data (adding random junk to each user's PIN) or using unique keys per user. I guess we're about to find out how competent Target's IT security team is.

14
5
decembersueDec. 27, 1312:02 PM

It's a matter of time before they are decrypted. Replace your cards, folks. Don't wait.

26
6
Izzy96Dec. 27, 1312:03 PM

I must say that if you are going to state a title starting with "Debit card PIN's taken...", then adding "but were not plundered" negates the reason for the first premise if a dictionary were followed.

16
3
davehougDec. 27, 1312:03 PM

To me it reflects a very weak and possibly understaffed IT and cyber security staff. = = = One more downside of off-shoring so much IT. Will this be in the textbooks as how to handle the PR of a bad situation or how NOT to :)

27
7
rlwr51Dec. 27, 1312:10 PM

Wasn't there a story in the Strib just a few months ago about Target eliminating a bunch of IT jobs?

25
3
jojoobooDec. 27, 1312:11 PM

Target is losing my trust as they continue to revise what was and wasn't taken. I'm not convinced that they know.

26
8

Comment on this story   |  

ADVERTISEMENT

Connect with twitterConnect with facebookConnect with Google+Connect with PinterestConnect with PinterestConnect with RssfeedConnect with email newsletters

ADVERTISEMENT

ADVERTISEMENT

ADVERTISEMENT

ADVERTISEMENT

ADVERTISEMENT

ADVERTISEMENT