Dialing Congress: Target Offers Updates on Security Breach
Target (NYSE:TGT) offered a fresh batch of news this week on its large-scale security breach in which some 40 million credit and debit card records plus personal information of 70 million customers were stolen. The retailer has committed to keeping consumers and investors updated on the most recent findings in its ongoing investigation into the breach, and Target has stuck to its promise, sharing any good news — and even the bad.
The first new piece of information came on Wednesday when Target said that the cyber criminals who breached its system used credentials they stole from one of the retailer’s vendors, as reported by Reuters. Target spokesperson Molly Snyder explained in a statement, “The ongoing forensic investigation has indicated that the intruder stole a vendor’s credentials, which were used to access our system.”
That statement came about two weeks after journalist Brian Krebs, the man behind the security industry blog Krebs on Security, reported that the popular management software enlisted by Target was to blame for the compromise of 40 million payment cards belonging to people who recently shopped at the retailer. According to Ars Technica, Krebs said that malware that infected Target’s point-of-sale terminals was able to log in to a control server inside the Target network by using the account name “Best1_user” and the password “BackupU$r.” The malware functioned by taking payment card data drawn from the terminals used in checkout lines so it could then be periodically downloaded to a different service for permanent storage.
Krebs then offered an update to his findings Wednesday and placed blame on the widely used server management program, BMC Software, for allowing the hack to happen. Krebs explained, “That ‘Best1_user’ account name seems an odd one for the attackers to have picked at random, but there is a better explanation: That username is the same one that gets installed with an IT management software suite called Performance Assurance for Microsoft Servers. This product, according to its maker — Houston, Texas based BMC Software — includes administrator-level user account called Best1_user.”