According to the latest evidence, the Target breach started with an email phishing scam.
Hackers apparently stole the network credentials from Target’s heating and refrigeration contractor using an email phishing scam that was sent out to contractors and employees at least two months before the big hack on Target’s credit card databases.
Brian Krebs, a data security reported stated that the “malware laced email phishing attack” was responsible for the entire Target breach. “Two of those sources said the malware in question was Citadel — a password-stealing bot program that is a derivative of the ZeuS banking trojan — but that information could not be confirmed,” Krebs said.
Krebs said that a former member of Target’s security team told him that Target uses Ariba software to complete their work order and collect payments. It has been speculated that Ariba’s back end was targeted by the hackers as the software allowed vendors to access the server.
Over 110 million customers were effected by the breach with their credit card and personal information stolen. The breach remains one of Americas largest hacks in history and is still under investigation.