Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Comments
Target Confirms Hackers Stole 40 Million Credit Cards
Newest First  |  Oldest First  |  Threaded View
<<   <   Page 2 / 3   >   >>
billmosby
billmosby,
User Rank: Apprentice
12/19/2013 | 3:53:53 PM
Credit card theft is getting to be pretty normal.
Thank goodness I have never actually found anything I was looking for at Target in recent years. lol.
cbabcock
cbabcock,
User Rank: Apprentice
12/19/2013 | 3:28:58 PM
Yes, bring the miscreants to justice
This just plain hurts Target, and confidence in credit card use at retailers everywhere. Target's line about bringing the miscreants to justice was a brave one. If they and law enforcement can do that, maybe there's hope this won't become a commonplace. On the other hand, if they can't, that's a clue to why they couldn't prevent this break-in in the first place.
midmachine
midmachine,
User Rank: Apprentice
12/19/2013 | 1:51:46 PM
Re: Must have been Microsoft servers that got hacked
That is today's most idiotic comment so far...sheesh...
pmoore520
pmoore520,
User Rank: Apprentice
12/19/2013 | 1:40:38 PM
Re: Nice Holiday Present
A recent article I read clued me in to another scam where the cashier (could be any store) will indicate a 'cash back' was included in the transaction when in fact, the buyer did not want any cash back.  The cashier then pockets the extra money.  Check your receipts anytime you use plastic before walking away from the register.  It only takes a moment....
Somedude8
Somedude8,
User Rank: Apprentice
12/19/2013 | 1:39:51 PM
Re: Yikes.
The PCI spec is far from 100% secure. Its really just a minimal starting point.
Exit to Shell
Exit to Shell,
User Rank: Apprentice
12/19/2013 | 1:31:53 PM
Re: Yikes.
I don't think Target should be commended for anything. Coming clean in a hurry without offering any type of free credit monitoring service for the affected guests seems like an inauthentic apology. They are basicllay saying... Hey everyone - we're sorry, I'd keep an eye on my credit card statements if I were you. We'll see if they do something more credible as time passes.

Also, with the rate at which cards are being stolen... 40 million here, 160 million there, there has to be a better way to protect consumers. Hopefully these breaches will drive the credit card/security industry to come up with better system.
jagibbons
jagibbons,
User Rank: Strategist
12/19/2013 | 1:25:40 PM
Re: Nice Holiday Present
The Rec Card is the way to go. Not only do you save 5% on purchases, but in this case Target could very easily cancel and re-issue all of them affected by this breach.
Drew Conry-Murray
Drew Conry-Murray,
User Rank: Ninja
12/19/2013 | 12:48:05 PM
Re: Yikes.
Thanks for the comment. Being compliant with a standard and reducing the risk of a breach to zero are two entirely different things. Being compliant with PCI means that an organization has followed a specific set of instructions for a specific set of controls and practices, like vulnerability scanning and encryption. But this doesn't mean an organization has eliminated all risk. The card brands (Visa, MasterCard, etc.) would like to conflate PCI compliance with invulnerability, but any security practitioner will tell you that invulnerability is an impossible standard.

Think of the PCI system as kind of like a driver's license. You pass a written exam and a driving exam and you get your license from the state. Then you get in an accident. The state comes along and levies extra fines against you for not having a license--because if you got in an accident, then you must not have really passed the test.
Laurianne
Laurianne,
User Rank: Apprentice
12/19/2013 | 12:21:45 PM
Re: Nice Holiday Present
What good does a retroactive noncompliant finding do? Thanks for pointing out this important part of the story. We'll have follow up coverage.
IT-security-gladiator
IT-security-gladiator,
User Rank: Apprentice
12/19/2013 | 12:17:05 PM
Must have been Microsoft servers that got hacked
If Target were running Linux Apache servers this would not have happened. Wise up Target and dump your MicroKlunk Junk MS DOS iis servers asap!
<<   <   Page 2 / 3   >   >>


Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Developing and Testing an Effective Breach Response Plan
Whether or not a data breach is a disaster for the organization depends on the security team's response and that is based on how the team developed a breach response plan beforehand and if it was thoroughly tested. Inside this report, experts share how to: -understand the technical environment, -determine what types of incidents would trigger the plan, -know which stakeholders need to be notified and how to do so, -develop steps to contain the breach, collect evidence, and initiate recovery.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2022-4278
PUBLISHED: 2022-12-03
A vulnerability was found in SourceCodester Book Store Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /hrm/employeeadd.php. The manipulation of the argument empid leads to sql injection. The attack may be initiated remotely. The exploit h...
CVE-2022-4279
PUBLISHED: 2022-12-03
A vulnerability classified as problematic has been found in SourceCodester Human Resource Management System 1.0. Affected is an unknown function of the file /hrm/employeeview.php. The manipulation of the argument search leads to cross site scripting. It is possible to launch the attack remotely. The...
CVE-2022-4280
PUBLISHED: 2022-12-03
A vulnerability, which was classified as problematic, has been found in Dot Tech Smart Campus System. Affected by this issue is some unknown functionality of the file /services/Card/findUser. The manipulation leads to information disclosure. The attack may be launched remotely. The exploit has been ...
CVE-2022-4277
PUBLISHED: 2022-12-03
A vulnerability was found in Shaoxing Background Management System. It has been declared as critical. This vulnerability affects unknown code of the file /Default/Bd. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to t...
CVE-2022-4275
PUBLISHED: 2022-12-03
A vulnerability has been found in House Rental System and classified as critical. Affected by this vulnerability is an unknown functionality of the file search-property.php of the component POST Request Handler. The manipulation of the argument search_property leads to sql injection. The attack can ...