The technique behind the Target security breach, which affected up to 110 million customers late last year, is thought to have been discovered. It is believed that network credentials were stolen from Fazio Mechanical Services, the provider of Target’s refrigeration and HVAC systems.
The company released a statement that explained that “like Target, we are a victim of a sophisticated cyber-attack operation.” A valid set of login details were stolen from Fazio and ultimately used to gain access to the payment systems through the data connection between the two companies. This connection exists for electronic billing, contract submission and project management. The use of legitimate login details and a trusted connection meant that the attack went undetected.
