Target's Data Breach Started With an HVAC Account

Posted by samzenpus on Thursday February 6, 2014 @09:05AM from the sneaking-in dept.

Jim Hall writes "Security blogger Krebs reports that Target's data breach started with a stolen HVAC account. Last week, Target said the initial intrusion into its systems was traced back to network credentials that were stolen from a third party vendor. Sources now claim that the vendor in question was a refrigeration, heating and air conditioning subcontractor that has worked at a number of locations at Target and other top retailers. Attackers stole network credentials from Fazio Mechanical Services, then used that to gain access to Target's network. It's not immediately clear why Target would have given an HVAC company external network access, or why that access would not be cordoned off from Target's payment system network."

1 of 232 comments (clear)

Min score:

Reason:

Sort:

Re:"...as we migrate our audience..." by arth1 · 2014-02-06 09:25 · Score: 5, Informative

Do you actually pay to use slashdot or are you complaining about a service you use freely that is no longer up to your high standards?
We pay in two ways. Well, three, if you include those that pay directly. But otherwise, we pay by contributing, and we pay by watching ads.