Target Blames Hackers Posing as Vendors for Credit Card Breach, As Information Remains Vulnerable

The Justice Department continues to investigate the massive credit-card breach that stole the information of an estimated 70 million Target customers' information and — for 40 million of them, their card details. Now, Target has now come out saying that the perpetrators behind the massive swipe were hackers who posed as vendors in the company's system in order to gain access to customer data. By 'lifting' the vendor credentials, the hackers were poised to gain access to the supposedly protected data in the Target system.

"The ongoing forensic investigation has indicated that the intruder stole a vendor's credentials, which were used to access our system," said Target spokesperson Molly Snyder.

According to zdnet.com, customer's information is likely still vulnerable:

Target's systems are accessible from a number of outlets and many different platforms could be at fault. For example, two systems -- a human resources website and supplier database -- had access restricted shortly after the attack was discovered, but Target said the hackers used a system which was not related to payment areas.

The malware that allegedly facilitated the information collection at the point-of-sale terminals (aka where shoppers swipe their cards) was apparently written by a 17-year-old Russian teenager living in St. Petersburg. The program's sold more than 60 versions, which means a ton of criminals potentially now have access to customers' card information. The data might be the same information that was used in the recent Neiman Marcus breach, which saw the stealing of 1.1 million customers' information. What's still not known, however, is how the hackers went from pretending to be vendors to utilizing the malware at the terminals.

To figure all that out, Justice Department is currently investigating the matter. Target has also confirmed that the Secret Service and FBI are in on the investigation — primarily because all that credit-card information is still floating around the black market.