Report: Email phishing scam led to Target breach


The cybersecurity blogger who broke the news of the massive data breach at Target continues to reveal how the hackers gained access to the retail giant's network.

Sources close to the investigation told Brian Krebs that the exposed consumer financial data of millions of Target shoppers "appears to have begun with a malware-laced email phishing attack sent to employees at an HVAC firm that did business with the nationwide retailer," Krebs said Wednesday on his blog, Krebs on Security.

Last week, Krebs said the hackers snatched the data using credentials stolen from Fazio Mechanical Services Inc., a refrigeration, heating and air conditioning subcontractor that has worked at a number of Target stores.

The Sharpsburg, Pennsylvania-based company confirmed its link to the breach, saying it was also a victim of a "sophisticated cyber attack."

According to multiple sources close to the investigation, "those credentials were stolen in an email malware attack at Fazio that began at least two months before thieves started stealing card data from thousands of Target cash registers," Krebs said.

Two of the sources said the hackers used a program called Citadel to steal Fazio's passwords.

Krebs also points out that Fazio did not have its guard fully up against an attack.

The company said last week that its security measures are in full compliance with industry practices. But Krebs says Fazio was using a free version of anti-malware software, which is not intended for corporate use and does not offer real-time protection against threats.
