Last week, we talked about the infamous Target hack of 2013. If you haven’t read my previous blog post yet, do that now! It gives some context for what we’ll talk about today. We’re going to cover three security issues that made this hack so damaging, and buckle up, because only one of them is Target’s fault.
First, hackers were able to steal login credentials from Fazio Mechanical Services (the HVAC company). Whether the hackers gained the credentials through phishing, brute-force password guessing, or malware, FMS’s information was vulnerable.
Second, Target’s systems were not properly segmented or secured. Even if the HVAC company processed payments with Target, there should have been protections that stopped contractors from accessing Target’s entire payment system.
Third, the compromised companies that were used as drop locations for the stolen information were not being properly monitored or protected. Criminal activity should never go undetected in a system.
At every step of the way, there were failings in cybersecurity that made this massive breach possible. Next week, we’ll talk about what we’ve learned from this incident and how it could have been prevented.