Target Customers Targeted in Potentially Massive Data Breach

[Guest]

If you've shopped at a Target store in the past month, your credit and/or debit card may have been exposed in a massive data breach.

Target Customers Targeted in Potentially Massive Data Breach : Read more

 

[Adroid]

No pun intended. I'm a poet and I noet.

 

[velocityg4]

I wonder if any of these companies run Z/OS. From I've read it's never had a virus or been hacked. Maybe it's time to move from Windows Server and Linux to Big Blue.

 

[rwinches]

Wow! I'm glad I used cash during that time period.

 

[JOSHSKORN]

Wow I'm glad I only shopped on Amazon.

 

[house70]

Inside job.

 

[jimb3sixty]

This is a great example of how hackers are getting access to everyones account information as well as what they call keylogging. There is a great software available to install on your home and work computers to keep theives from accessing your information. Please check it out at this link and lets save everyone the headache of having to deal with this kind of situation.
Here is the link, please check it out.
http/cyberwealth7.com/JandL

Thanks,
Jim

 

[Ninjawithagun]

Time to sue Target with a class action lawsuit for providing inadequate cyber security measures on their customer database. This is an easy win for any law firm with that wants to make some easy money.

 

[ovly500]

Edward`s report is really great.. Google is paying 75$/hour! Just work for few hours & have more time with friends and family. Last Wednesday I got a top of the range McLaren F1 from bringing in $5012 this month. I never thought I'd be able to do it but my best friend earns over 10k a month doing this and she convinced me to try this Buzz95.ℂom

 

[Darkk]

Switching one operating system to another isn't going to solve the problem. It's physical access to the database either by network (inside or outside) or somebody at the compromised terminal / PC.

All these stores are connected via VPN to the data center and from there it gets processed. Somewhere along the lines one of these stores's network got compromised and accessed this data.

This happened before with Home Depot's WiFi network. Lucky the damage is only limited to that one store.

This could be very well be an inside job.

I too am affected by this breach and it's really ticking me off. So hopefully my CC numbers will never get used. Going to order new card anyway.

 

[Grandmastersexsay]

It doesn't sound like this was an issue of Target's records being hacked, because Target is stating the only people affected are the ones who made purchases over a narrow time frame. If it was a matter of their database being hacked, the criminals would have records going back much furthur. Like most stores, Target keeps card information in case of returns.

No, this sounds like card data was intercepted from the card swiping machines. Can these swipers have their firmware automatically updated? Do these swipers contact an outside party for authorization? What kind of path does the authorization take? I doubt it is different than most stores. It would be nice to hear from someone in the industry take a guess.


"So in this case the thieves wouldn't be able to use a stolen account to make online purchases (which require the printed CVV) but they could use the stolen data to forge new credit cards by encoding the track data on a new magnetic stripe, Krebs speculates."

That makes no sense. If they could make new cards from this data, they would have to match the existing printed data, which means they could make online purchases.

 

[rawoysters]

I am assuming that all this data was not encrypted? How do companies of this size get away with this kind of complacency?

 

[wirefire99]

they dont actually have to match the printed data on the card. when toy process the debit / credit card at a retailer and swipe the card the numbers requested at most retailers by the computer are the last several digits (4 usually) of the card number itself, not the cvv. This was done a while ago to force the merchant cashier to physically look at the card.

If i have a mastercard issyed from bank X with a number 5999999999999999 exp date of 12/20 and a printed cvv of 888

a capture would give them everything but the physical design of the plastic (design / imaging) and the printed rear cvv. so with a simple mag stripe programmer and card maker, they can forge a random design on the card. imprint the physical numbers and original card holder name. Copy the magnetic data from track 1 and 2 to the card. and just make up a 3 digit rear cvv to make it appear valid (1/1000 they should guess correctly anyway) the new fraudulent card looks real, acts real and has a signature that matches the name on the card. At any retailer it would draw little to zero attention on a cashier's best day.

The credit card system itself allows for this kind of fraud. but upgrading the system to fix the problems would cost billions. easiest thing to do would be to keep the 16 digit system in place and make the response auth code checked against an rsa (or other) key generated by the card. it would require significantly more advanced physical cards, but fraud would be near impossible of credit card contained active changing data.

 

[helldog3105]

If this was data that was intercepted via a swipe through the credit card systems, how did they get the CVV codes? The article explicitly states that they got those codes as well. Under standard circumstances, those numbers should not be saved when swiping your card at a retailer, right? So how did they capture that information as well? It seems to me that however the data was stolen, heads in the IT department will roll for this. If their database was hacked, then the security was too weak. If it was some sort of interception of data as it was sent to the database, then their connections aren't encrpyted well enough, and heads in the IT department will roll. The sad thing is, it is highly possible that someone in the IT department pointed out the security flaw and was ignored, because it would be costly to correct. Isn't that what happened at Sony? Any way you look at it, this is a detriment to people in general. For once I dodged the bullet because I didn't shop there between the affected dates. This is one time, when I really think a Class Action Lawsuit is required. Definitely before this large retail chains get the idea that by shopping at their store binds you to an EULA that can only be found on their website the prohibits Class Action Lawsuits.