Target has yet to honor a single request for comment from this
publication, and the company has said nothing publicly about how
this breach occurred. But according to sources, the attackers
broke in to Target after compromising a company Web server.
Somehow, the attackers were able to upload the malicious POS
software to store point-of-sale machines, and then set up a
control server within Target’s internal network that served as a
central repository for data hoovered by all of the infected

“The bad guys were logging in remotely to that [control server],
and apparently had persistent access to it,” a source close to the
investigation told KrebsOnSecurity. “They basically had to keep
going in and manually collecting the dumps.”

In what I suspect is not a coincidence, my wife’s credit card, which she used at Target once during the compromised window, was used for fraudulent purchases two days ago.