Target's Data Breach Started With an HVAC Account

Posted by samzenpus on Thursday February 6, 2014 @09:05AM from the sneaking-in dept.

Jim Hall writes "Security blogger Krebs reports that Target's data breach started with a stolen HVAC account. Last week, Target said the initial intrusion into its systems was traced back to network credentials that were stolen from a third party vendor. Sources now claim that the vendor in question was a refrigeration, heating and air conditioning subcontractor that has worked at a number of locations at Target and other top retailers. Attackers stole network credentials from Fazio Mechanical Services, then used that to gain access to Target's network. It's not immediately clear why Target would have given an HVAC company external network access, or why that access would not be cordoned off from Target's payment system network."

3 of 232 comments (clear)

Min score:

Reason:

Sort:

Car Analogy Time! by sinij · 2014-02-06 09:07 · Score: 2, Funny

If Beta was hot grits, then Natalie Portman would be driving Beowulf cluster of HUGOs!
Maybe this is why we have the beta by Bob+the+Super+Hamste · 2014-02-06 09:09 · Score: 4, Funny

Maybe this is why we have the slashdot beta issue, something came in with the HVAC account at dice. It sucks enough that the HVAC system might be to blame.

--
Time to offend someone
HVAC vendor has network access to the POS system? by jdastrup · 2014-02-06 09:09 · Score: 5, Funny

Might as well give HVAC vendors access to the slashdot beta servers so they can destroy it as well.