Target Credit Card Breach: How the Hackers Got In and How Consumers' Relationship with Credit Cards Might Change
Some new details are emerging about how the hackers who breached Target's credit card system and installed malware on its point-of-sale terminals managed to accomplish their cyber-heist.
Findings reported by Krebs on Security -- the in-depth cyber security blog run by Brian Krebs that originally reported the Target credit card breach -- are leading to new clues in the retailer's massive cyber-security breach. According to the report by Krebs, posted late on Wednesday, the Target attackers may have used poorly secured credentials "built into a widely used IT management software product that was running on the retailer's internal network."
Krebs points to the user account "Best1_user" and password "BackupU$r" used to log into Target's shared drive on its network. "That 'Best1_user' account name seems an odd one for the attackers to have picked at random," wrote Krebs. "But there is a better explanation: That username is the same one that gets installed with an IT management software suite called Performance Assurance for Microsoft Servers. This product, according to its maker -- Houston, Texas based BMC Software -- includes an administrator-level user account called 'Best1_user.'"
Basically, the hackers might have used a well-known administrative login to breach Target's system and install the malicious software responsible for exposing some 40 million Target customers' credit and debit card information, as well as 70 million additional customers' personal information. Krebs notes that the Best1_user account appears to normally be restricted to certain network performance analysis capabilities, but that the attackers may have found a way around those restrictions to facilitate lateral movement within the Target network.
For its part, Target says the credentials were stolen. Spokesperson Molly Snyder didn't confirm which credentials were used or what specific point in Target's cyber infrastructure was used to slip the malware in, but stated to The Wall Street Journal, "We can confirm that the ongoing forensic investigation has indicated that the intruder stole a vendor's credentials which were used to access our system." Whether the hackers "stole" a login credential or simply figured one out and hacked their way from there seems to be up for debate between Krebs and the security sources he cites on one side and Target's internal investigation on the other.
In late December, Target, the second biggest retailer in the U.S., confirmed that it had been hit with a massive data breach, which compromised credit and debit card numbers, PIN numbers, and security codes of customers who shopped in U.S. Target stores between Nov. 27 and Dec. 15 -- some of the busiest days in the holiday shopping season. Later, the store announced that 70 million more customers were at risk of having their personal information, like names, addresses, phone numbers, and email addresses, exposed to cybercriminals.
Neiman Marcus then disclosed that it had been a target of a similar type of malware, which put 1.1 million customers' credit card information at risk. Since then, the total number of U.S. retailers thought to be victims of the same type of point-of-sale credit-card scraping malware has reached six, and the FBI has put all U.S. retailers on alert, saying that not only are more attacks coming -- more attacks are likely happening now.
Cyber Security, Credit Cards, and Consumer Habits After the Target Breach
Eric Adamowsky, co-founder of CreditCardInsider.com, a consumer credit card rating, review, and advice company, told LatinPost that the Target and Neiman Marcus hacks will likely change the credit card industry first, and consumer habits later. "Hacking is certainly shaping the future of the credit card industry," wrote Adamowsky. "With the recent Target and Neiman Marcus breaches, consumers will certainly be much more cognizant of their card usage with big box retailers. While I don't think it will necessarily impact spending patterns, consumers will start demanding increased security from their card issuers, along with reassurance of a zero liability benefit in the case of another massive data breach."
And another massive data breach seems almost guaranteed to happen some time in the future.