The Target mess
Jan. 17th, 2014 12:26 pm
So today I got the email from Target saying my information might have been compromised. As my last purchase at Target was long before November, I'm not too concerned about my credit card info being stolen. I don't recall having ever applied for a Target card, nor registering on the Target web site. I also searched my email for target.com and found that I never directly received an email from them, so I'm wondering how they got my email. I imagine that it might have gotten spawned from someone like GE Capital Services, but I don't know for certain. Still, if they're willing to pay to monitor my nonexistent income and credit for a year, why not.
The hack that got the credit card data was interesting. It was malware that sat on their POS terminals that nabbed the credit card number, and apparently the PIN, before it was encrypted, and sent it all to an FTP server in the US that then sent it to Russia.
Here's a couple more articles from Wired about it:
This one talks about how it happened again after they were hacked in 2005. Basically, during the TJ Maxx hackathon, companies were certified as having proper credit card security WHILE the hackers were active in the system. An audit after the hack was revealed showed they were non-compliant. Is this a case of hindsight being 20/20?
http://www.wired.com/threatlevel/2014/01/target-hack/
This article talks about the specific malware, which you can buy for $1800-2300. Pretty good return on your money.
http://www.wired.com/threatlevel/2014/01/target-malware-identified/