Skip to main content

Report: Email phishing scam led to Target breach

  • Author:
  • Updated:
    Original:

The cybersecurity blogger who broke the news of the massive data breach at Target continues to reveal how the hackers gained access to the retail giant's network.

Sources close to the investigation told Brian Krebs that the exposed consumer financial data of millions of Target shoppers "appears to have begun with a malware-laced email phishing attack sent to employees at an HVAC firm that did business with the nationwide retailer," Krebs said Wednesday on his blog, Krebs on Security.

Last week, Krebs said the hackers snatched the data using credentials stolen from Fazio Mechanical Services Inc., a refrigeration, heating and air conditioning subcontractor that has worked at a number of Target stores.

The Sharpsburg, Pennsylvania-based company confirmed its link to the breach, saying it was also a victim of a "sophisticated cyber attack."

According to multiple sources close to the investigation, "those credentials were stolen in an email malware attack at Fazio that began at least two months before thieves started stealing card data from thousands of Target cash registers," Krebs said.

Two of the sources said the hackers used a program called Citadel to steal Fazio's passwords.

Krebs also points out that Fazio did not completely have their guard up against an attack.

The company said last week that its security measures are in full compliance with industry practices. But Krebs says Fazio was using a free version of an anti-malware software, which is not intended for corporate use and does not offer real-time protection against threats.

Next Up

BearTracks3

MnDOT debuts driverless shuttle in White Bear Lake

This is one of several self-driving pilot programs MnDOT is working on.

snow

Farmer almanacs release their 2022-23 winter forecasts for MN

November is right around the corner and one of the almanacs figures it'll be a cold and snowy month.

image

Minneapolis Police Department seeks authorization to use drones

A public hearing on the matter could be held this month.

Screen Shot 2022-08-08 at 12.50.25 PM

Minnesota Harvest apple farm to open under new owners this month

New food and attractions are in store for this season's fall fun.

Pixabay - water surface

22-year-old man found dead in central Minnesota lake

The man was reported missing and later found dead in the water near the lakeside residence.

Cabela's

Seven kids charged over shoplifting at Cabela's, 100 mph police chase

The youths were pursued in a a stolen car and almost hit a squad car, police say.

Screen Shot 2022-08-08 at 7.50.05 PM

Missing: 17-year-old Waite Park boy last seen July 3

Police say there is no reason to believe he's in danger.

Melanie Valencia

Northfield bicyclist killed in crash identified as 14-year-old

She was riding her bike to soccer practice before a driver hit her last week.

Samantha Holte

Appeal to find 17-year-old Minnesota girl

She was last seen north of Fergus Falls.

Pixabay - water surface

Man's body found near empty fishing boat on St. Croix River

The boat, and an unoccupied truck found on the shore, belong to a 43-year-old White Bear Lake man.

Related