Target Corporation told the Wall Street Journal that the massive data breach it suffered last month happened after cyber criminals compromised credentials from a vendor and used them to hack into the Target system.
The company didn't provide much information. It didn't say how the hackers stole the credentials, nor did it specify which portal they logged into.
Cyber security blogger Brian Krebs, who brought the Target breach to light, said in his blog that the malware used in the breach had used the username 'Best1_user' and password 'BackupU$r' to access the shared drive. Krebs highlighted the fact that the username is the same as the default password used in IT management software developed by BMC Software.
"According to BMC’s documentation, this account is normally restricted, but the attackers may have usurped control to facilitate lateral movement within the network," said a Dell SecureWorks report pointed out by Krebs.
The report also revealed that a malware component installed a service called "BladeLogic", which appeared to mimic the name of another BMC product.
A trusted source told Krebs that BMC's software is used by many major retailers. He believes Target also uses it.
Krebs also confirmed that cyber criminals known as Rescator are selling millions of cards stolen in the Target data breach.