View Diary: Target Stores Hacked - Up to 40 Million Credit Cards Stolen (48 comments)

  •  I'm skeptical about those reports... (12+ / 0-)

    ... how does a criminal add a skimmer to the POS terminals in almost 1800 stores?  The credit card issuers are seeing the effects of the theft across the country.  My guess is that this is a hack on the back end.

    Looking through the bent backed tulips, To see how the other half lives, Looking through a glass onion - John Lennon and Paul McCartney

    by Hey338Too on Thu Dec 19, 2013 at 09:12:28 AM PST

    [ Parent ]

    •  Possible. What about the middleman?? IIRC, (4+ / 0-)
      Recommended by:
      Hey338Too, DRo, AoT, WakeUpNeo

      when you swipe, it goes through a 3rd party, then to the CC company, and then verification sent back to POS??  There are many points that this could have happened.   But, agreed, since it has involved all Target locations, it's more likely that it was at the back end....  I doubt that we'll ever know the whole truth about it though.

      •  . (3+ / 0-)
        Recommended by:
        Hey338Too, nchristine, KenBee

        It’s not clear how many cards thieves may have stolen in the breach. But the sources I spoke with from two major card issuers said they have so far been notified by one of the credit card associations regarding more than one million of cards total from both issuers that were thought to have been compromised in the breach. A third source at a data breach investigation firm said it appears that “when all is said and done, this one will put its mark up there with some of the largest retail breaches to date.” http://krebsonsecurity.com/...

        Be the change you want to see in the world. -Gandhi

        by DRo on Thu Dec 19, 2013 at 09:31:19 AM PST

        [ Parent ]

    •  Just pick the right attack point. (6+ / 0-)
      Recommended by:
      blukat, Hey338Too, DSPS owl, DRo, nchristine, Lashe

      Compromise the server that handles the auth transaction for the POS system. Then you can skim every swipe enterprise-wide. No need for the hassle of cracking encryption on stored info or getting your hands on data like the CVV that's stored transiently either - if you're eavesdropping on the auth transaction it's all there, along with the decryption keys for incoming traffic from the POS terminals.

      The hack was described as attacking the POS system not individual terminals. Given the widespread nature of it the crooks had to have nailed a central component of the system.

      •  Wouldn't they have needed (1+ / 0-)
        Recommended by:
        Hey338Too

        a central employee or two?  Is this possible without a disloyal person in the company?

        The opposite of pro is con. So what's the opposite of progress?

        by DSPS owl on Thu Dec 19, 2013 at 11:30:39 AM PST

        [ Parent ]

        •  Probably not... (3+ / 0-)
          Recommended by:
          DRo, KenBee, nchristine

          ... my guess is they found an access point on Target's network which was secured with a weak password.  From what I've read, it appears that the hack had been planned for a while, so who knows how long they had been inside the network poking around and looking for vulnerabilities.

          Looking through the bent backed tulips, To see how the other half lives, Looking through a glass onion - John Lennon and Paul McCartney

          by Hey338Too on Thu Dec 19, 2013 at 11:47:13 AM PST

          [ Parent ]
