Updated:
Original:

Report: Email phishing scam led to Target breach

Author:

The cybersecurity blogger who broke the news of the massive data breach at Target continues to reveal how the hackers gained access to the retail giant's network.

Sources close to the investigation told Brian Krebs that the exposed consumer financial data of millions of Target shoppers "appears to have begun with a malware-laced email phishing attack sent to employees at an HVAC firm that did business with the nationwide retailer," Krebs said Wednesday on his blog, Krebs on Security.

Last week, Krebs said the hackers snatched the data using credentials stolen from Fazio Mechanical Services Inc., a refrigeration, heating and air conditioning subcontractor that has worked at a number of Target stores.

The Sharpsburg, Pennsylvania-based company confirmed its link to the breach, saying it was also a victim of a "sophisticated cyber attack."

According to multiple sources close to the investigation, "those credentials were stolen in an email malware attack at Fazio that began at least two months before thieves started stealing card data from thousands of Target cash registers," Krebs said.

Two of the sources said the hackers used a program called Citadel to steal Fazio's passwords.

Krebs also points out that Fazio did not completely have their guard up against an attack.

The company said last week that its security measures are in full compliance with industry practices. But Krebs says Fazio was using a free version of an anti-malware software, which is not intended for corporate use and does not offer real-time protection against threats.

Next Up

Mike Zimmer

‘Fire Zimmer’ trending after Vikings beat Panthers

The Vikings won the game but their coach is still on the hot seat.

Screen Shot 2021-10-17 at 8.24.33 PM

NCHC condemns Huskies fans for throwing projectiles after controversial no-call

The National Collegiate Hockey Conference says that it will be reviewing both the no-call and the aftermath.

Kirk Cousins

Kirk Cousins saves the day again to get Vikings to .500

Cousins' overtime toss to K.J. Osborn earned a 34-28 victory.

Nurses on strike

Nurses start 3-day strike at Allina WestHealth in Plymouth

A "last attempt" at negotiations failed to produce an agreement last Wednesday.

boating minnesota lake

Minnesota has experienced its deadliest boating season since 2005

Minnesota has seen 17 boating-related deaths so far this year.

Drew Doughty

Kirill Kaprizov makes Kings’ Doughty eat his words

The Kings defenseman isn't a fan of the Wild star's new deal.

Quinn Olson / UMD Hockey

Watch: UMD's Olson goes between-the-legs to set up highlight goal

Another Saturday. Another highlight for a Minnesota college hockey team.

Gopher Hockey

Watch: No-call lifts Gophers to OT victory over St. Cloud State

A blatant hook marred a top-four battle in St. Cloud.

Related