Technology blog Gizmodo reported at 5:30 pm on Thursday the suspected cause of last month's Target data breach. Reportedly, authorities may have finally pinpointed the source of the massive Target security breach that allowed hackers to swipe the credit and debit card information of up to 40 million customers. Apparently, one extremely unfortunate HVAC maintenance man has been identified.According to security blogger Brian Krebs, that "third party vendor" who Target had been piling the blame for the breach on was actually "a refrigeration, heating, and
air conditioning subcontractor," Fazio Mechanical Services. Apparently, the hackers stole Fazio's login information and were able to access the Target network through him. Fazio president Ross Fazio even confirmed to Krebs that the U.S. Secret Service had paid his company's headquarters a little visit in connection with the Target case, although that's about all the detail he was willing to give.
Why was a third-party HVAC company's login able to grant hackers access to such sensitive customer data? According to Gizmodo, it's a cost-saving measure whereby large retailers will often hire a team to monitor energy consumption and cut costs whenever possible. Vendors remote in to the network in order to do maintenance (updates, patches, etc.) or to troubleshoot glitches and connectivity issues with the software. After lifting the contractor's login information, hackers were able to test their malware on a small number of Target registers between 11/15 and 11/28. Two days later, the hacking software had spread to "a majority" of Target stores and was actively collecting data from live customer transactions between 11/27 and 12/15.
Read the entire Gizmodo article here.
Posts
0 comments:
Post a Comment