Target: Cybercrooks used stolen vendor ID to hack into system

  • Article by: Jennifer Bjorhus , Star Tribune
  • Updated: January 30, 2014 - 5:59 AM

Retailer said the credentials were used to hack company systems at checkout.

  • 20
  • Comments

  • Results per page:
usrnmeJan. 29, 1410:50 PM

What vendors? Do the vendors have something to do with the information? If not, how do they have access to customers info? Would be nice to know.

12
19
mrprogressiveJan. 30, 14 3:01 AM

Target has a internal website where vendors can track the sales of their items and also coordinate reordering. How a hacker was able to get a virus on a register is beyond me but looks like Target has poor network security and firewalls setup. The website is not real time as the registers only talk to the mainframe at store closing (hence the issues with empty shelves). I am so glad I left Target IT. I said all along this was squarely Targets fault…..

17
27
scoutdadJan. 30, 14 5:31 AM

Phew! Glad to see this wasn't actually Target's fault. I can start shopping there again and feel safe.

9
18
julieannemJan. 30, 14 6:26 AM

Thanks, mrprogressive, for your assessment of what caused Target's data breach. Only an honest former insider from their IT department would tell the truth. Target has lost my business. I used my card 5-6 times at Target during that time frame. Fortunately, I talked to my bank and they are monitoring accounts for suspicious activity.

12
26
orono77Jan. 30, 14 6:59 AM

Help me here. What 'hacking' actually occurred? Judging from this report and others, stolen credentials were used to gain access and a default password built into software (by the manufacturer) was exploited. Shouldn't we be looking to the maker of that software for their lack of security? Is it unreasonable to expect that software used to maintain this type of data be better secured? Regardless, the media needs to stop mislabeling this as 'hacking'.

28
9
NewsGooglerJan. 30, 14 7:02 AM

mrprogressive, if you worked in Target IT--ever--then you'd know you are looking at the wrong vendor network. Target also uses IT vendors, right?

29
6
grblakeJan. 30, 14 8:00 AM

BMC is IT system management software. The bad guys most likely got into the internal network with these credentials then were able to move to the registers and install the memory scraping malware. If that is the case it is poor network segmentation and Target violated the very first requirement of the PCI-DSS. Just speculating but this same attack could have been used at the other retailers that are disclosing breaches.

13
4
tmatuseskiJan. 30, 14 8:01 AM

Several years ago the US banks decided it was too expensive to switch over to the chip cards that Europe and Canada have, with those cards someone making a charge has to have the physical card with them or the charge will not go through. I wonder how much it is costing them now?

14
3
texas_technomanJan. 30, 14 8:36 AM

BMC, if it was them, may have a "secret" password that they can use to remotely diagnose problems and/or apply fixes. Not sure if that is common practice in the systems software space; but if it is, that's bad.

16
0
FrankLJan. 30, 14 9:15 AM

This means that any other company that used this software vendor is vulnerable.

10
1

Comment on this story   |  

ADVERTISEMENT

Connect with twitterConnect with facebookConnect with Google+Connect with PinterestConnect with PinterestConnect with RssfeedConnect with email newsletters

ADVERTISEMENT

ADVERTISEMENT

ADVERTISEMENT

ADVERTISEMENT

ADVERTISEMENT

ADVERTISEMENT