Experts find out how the data of one hundred million Target customers hacked

Experts from Verizon conducted an investigation into how hackers managed to break into the security system of Target, one of the largest retail chains in the US.

As it turned out, the main reasons were simple passwords and outdated software.

Recall that cyber attacks on Target led to the leakage of personal information of about one hundred million users, including the compromising of credit and debit card numbers, phone numbers, names, addresses and other information. The investigation revealed that when hackers gained access to the company's network, there were virtually no ways to prevent a malicious presence.

Target suffered from many security problems, including the use of simple default passwords that were stored in a file on multiple servers. During the investigation, Verizon specialists were able to quickly gain access to the company's internal network and even use an account with system administrator rights, which allowed them to freely “move” around the network. Within a week, experts were able to crack 86% (547470) of Target passwords.

According to Verizon's report, 4312 users used the same password "Jan3009#", 3834 used the same password "sto$res1" and 3762 used the same password "train#5". A huge number of passwords had the same components: 8670 passwords used the word “target”, 3050 used the word “summer”, 3840 used the word “train”.

Verizon consultants noted that Target systems were running on outdated software, and also without important security updates. Experts were able to easily hack various systems due to uncorrected vulnerabilities in the internal network, as well as access to the entire network using the account domain.

Currently, representatives of Target have not confirmed, but have not refuted the authenticity of the report.