Skip to main content
Updated:
Original:

Report: Email phishing scam led to Target breach

Author:

The cybersecurity blogger who broke the news of the massive data breach at Target continues to reveal how the hackers gained access to the retail giant's network.

Sources close to the investigation told Brian Krebs that the exposed consumer financial data of millions of Target shoppers "appears to have begun with a malware-laced email phishing attack sent to employees at an HVAC firm that did business with the nationwide retailer," Krebs said Wednesday on his blog, Krebs on Security.

Last week, Krebs said the hackers snatched the data using credentials stolen from Fazio Mechanical Services Inc., a refrigeration, heating and air conditioning subcontractor that has worked at a number of Target stores.

The Sharpsburg, Pennsylvania-based company confirmed its link to the breach, saying it was also a victim of a "sophisticated cyber attack."

According to multiple sources close to the investigation, "those credentials were stolen in an email malware attack at Fazio that began at least two months before thieves started stealing card data from thousands of Target cash registers," Krebs said.

Two of the sources said the hackers used a program called Citadel to steal Fazio's passwords.

Krebs also points out that Fazio did not completely have their guard up against an attack.

The company said last week that its security measures are in full compliance with industry practices. But Krebs says Fazio was using a free version of an anti-malware software, which is not intended for corporate use and does not offer real-time protection against threats.

Next Up

Screen Shot 2021-10-28 at 12.20.52 PM

COVID-19 case rate drops in 75 of 87 Minnesota counties

Transmission levels are still high throughout Minnesota.

helicopter-186718_1280

Man, 62, dies after his truck leaves road, hits tree

The Wisconsin man died after being airlifted to Regions Hospital.

pexels - beer buy fridge store liquor

Municipal liquor stores in 24 MN cities could be in jeopardy

These sites reported losses in two of the last three years, triggering a mandatory hearing.

Mats Zuccarello

2 Minnesota Wild players test positive for COVID-19

Both players will be unavailable Thursday night when the Wild face the expansion Kraken.

Target deals weekly ad - 10.31.2021

Target reveals first Black Friday deals, available next week

There are some steep discounts to be had, even though Black Friday is nearly a month away.

Screen Shot 2021-10-28 at 10.10.36 AM

'Dancing with the Stars: Live!' coming to Minnesota in February

The show's professional dancers will be at Mystic Lake.

Train derailment Fairmont screengrab

WATCH: Video shows terrifying moment train derails in Fairmont

A large chunk of the track appears to come off just before the derailment.

brewery

Grocery store beer sales? MN House hears nearly 30 proposals to update liquor laws

Calls to change the state's liquor laws grew louder during the COVID-19 pandemic.

Screen Shot 2021-10-28 at 7.57.25 AM

3 people found dead inside home in Farmington

Police were conducting a welfare check when they found three people dead inside the home.

Screen Shot 2021-10-28 at 7.26.58 AM

Headstones pushed over, smashed by vandals at cemetery in Alexandria

Police have released images of a vehicle they believe is connected to the case.

249680859_3960236007411518_889783566561667391_n

Puppies abandoned at Chaska golf course

It's illegal to abandon animals in Minnesota.

Related