In Target, hackers found a gold mine -- with easy access
Posted on 01/19/2014 10:35:43 AM PST by TurboZamboni
It was, in essence, a cybercriminal's dream.
For months, an amorphous group of Eastern European hackers had been poking around the networks of major U.S. retailers, searching for loose portals that would take them deep into corporate systems.
In early November, before the holiday shopping season began, the hackers found what they had been looking for -- a wide path into Target and beyond.
Entering through a digital gateway, the criminals discovered that Target's systems were astonishingly open -- lacking the virtual walls and motion detectors found in secure networks like many banks'. Without those safeguards, the thieves moved swiftly into the company's computer servers containing Target's customer data and to the crown jewel: the in-store systems where consumers swipe their credit and debit cards and enter their PINs.
(Excerpt) Read more at twincities.com ...
I can’t believe people are still using their credit and debit cards in stores. If it’s too big a purchase for cash, use a check or a bank money order.
I can explain why I do it.
The two times I’ve had “credit card fraud” it didn’t cost me a penny. A bit of time and a couple of phone calls and that was it.
And it was the card company (Discover) who called me with the info, minutes after it happened.
If there was some significant economic downside, yeah I would switch to something else.
HUH? I thought someone was reporting some 17 yr old punk was responsible. Now it’s eastern europeans? I’m confused. I don’t think THEY got my debit card. Somebody did and I caught it within a day because I check my financial stuff daily. (my sister says I’m anal.) Had to get yet another new card.
Is Target liable for losses at this point? Or, are they going to wait until they lose a lawsuit?
I use checks or cash. Yeah, I’ve heard all the complaints about checkwriters taking forever, but I always have mine filled out except for the amount, which I write fast. Quite often I take less time than the person ahead of me who fumbles with their debit card (“What button do I push now? It isn’t working.”)
Target cashiers used to bug me nonstop to ditch my checks for their Redcard. I notice they’ve stopped. ;)
>>The two times I’ve had “credit card fraud” it didn’t cost me a penny.
Same here. This is an area where consumers are pretty well protected. My credit union is a pit bull with their credit cards. I even had them call me once when I put gas in my car and my wife’s without reswiping the card. They saw that I was buying a lot more gas than I usually buy at one time and they called me about 30 minutes after I left the station.
That’s a lot safer than pulling $200 out of the ATM every time I want to go buy groceries.
I have stopped going to Target for awhile until this mess clears. I only made one purchase at Target during the infected known timespan. So far, nothing from my credit card company.
>>Yeah, I’ve heard all the complaints about checkwriters taking forever, but I always have mine filled out except for the amount, which I write fast.
Every checkwriter I know claims they do that. But every checkwriter I get behind in line stands there (usually talking on the phone) right up until the cashier tells them how much they owe, and then they start digging in the purse for the checkbook.
And then the pen.
And then they act surprised when they have to produce an ID or two.
Where is Target’s IT department? In Bangalore? Likely half of it is there.
One thing for sure, I never use the PIN option with a debit card.
Thanks for posting this. It’s a nice bit of background on a fraud challenge which will be with Target for some time.
With 40 million stolen credit and debit card accounts used at Target floating around in cyberspace, you’d think everyone would know someone hit by credit card fraud by now.
Not so. Not yet, anyway. In fact, according to one fraud-fighting company, there’s little sign of an increase of fraudulent charges among Target breach victims. What gives?
There’s a difference between having your account number compromised and actually being hit with credit card fraud. One often leads to the other, but not always. At least, not right away.
BillGuard is a third-party service that lets consumers register their credit cards, then uses software to scan bills for fraud. Mick Weinstein, vice president of marketing at BillGuard, says 32,000 BillGuard customers were among those whose account info was stolen in the Target card heist, meaning they used their cards at the retailer during the nearly three-week stretch when hackers were siphoning off the card numbers.
Among those 32,000 accounts, about 2% were hit with fraud by the end of last week, Weinstein said, almost exactly the same fraud rate as a control sample of BillGuard customers who weren’t Target victims.
I would bet that the cause is not just in the code. As always, it is a systemic cause, organization of the department in charge, whether affirmative action, or butt kissing environment, or hurry up and roll it out, we’ll fix it later, we’ve got a deadline, organizations get corrupt just like governments get corrupt.
not unlike Obamacare!
Obamacare is reportedly LESS SECURE than this
Good thing there are far fewer people at the obamacare website
Well all I’ve heard about is stolen CC numbers, but nothing about actual use (or misuse) of those numbers.
Has anyone lost any real money?
OK, I read the linked article. There have been some charges made to stolen cards.
I’ve heard reported usage of the info. I haven’t looked for links, but they interviewed a few. Used in Africa, and another person got his credit card maxed out while he was stranded in Honduras.
Target needs to start Chapter 11 now.
They did not perform their Due Diligence on IT security.
Target hired IT rookies and used Microsoft servers.
The hackers were not genius as they were using Microsoft
Visual Basic Scripting phishing the Target network for months.
Well, I guess that’s every checkwriter you know (so to speak) minus one.
“Those cards will continue to have value for quite a while. These cards will still be available for purchase a year from now.”
Which is why EVERYONE whose card was stolen should have IMMEDIATELY cancelled their accounts and obtained new cards with new account numbers, despite the BS from Target and others that “monitoring” your bill for a couple of years was all that was necessary.
BS and four wetawds to write this drivel.
Inside job period.
Yeah, that’s what they want you to think. Do folks think the Department of Defense and other government sites hit by Wikileaks were easy targets?
Sorry, but I don’t think Target was an easy touch. There are people out there who are very crafty, and can break these systems.
Frankly, I think it would be a hoot if someone were to wait until the NSA states it doesn’t do something, and then release information taken from them that shows they do in fact do it.
It’s the credit cards company problemo.
Same here. I use Amex for everything. If they detect fraud they issue a new card immediately. Any disputed charge comes off immediately. Safer than cash.
I've stopped paying with my debit and have switched to Amex as well.
Right you are!
It's the credit cards company problem.
Target is self insured.
Near the bottom of the long article it stated that those numbers will still be sold a year from now.
If I had shopped at Target I would change all my numbers. I'm just saying.
Plus, I will now go back to checks when I don't use cash.
You would think Visa would notify me? Maybe they feel my card is okay? It was a credit card I used, not a debit card.
I forgot to add that Neiman Marcus and at least three other undisclosed retailers were hit. Probably same scenario.