Target Hacks

[ns3]

I got a notification in my email from Target tonight that hackers may have gotten hold of my personal information. This was kind of surprising to me since I rarely shop there and can't remember the last time I did. I don't put much stock in it but they are offering a free identity protection service that I may take advantage of if I can bring myself to indulge my personal information to the protection service they are offering (color me skeptical).

The (major) company I work for was also the target of a hacking attack lately and it has resulted in edicts from top management that are making my life miserable with nothing short of nonsense measures to prevent future attacks.

One thing I notice in these things, both the Target attack, and my own company is that they will not divulge the details of how the attack occurred.

EXCUSE ME, but as an IT professional this would be VERY valuable information in preventing future attacks, don't you think?

But they can't trust me with that information.

Says a lot.

[Pointedstick]

The details are probably really, really embarrassing. "password1" or the like at some link in the chain.

[dualstow]

I got a notification in my email from Target tonight that hackers may have gotten hold of my personal information. This was kind of surprising to me since I rarely shop there and can't remember the last time I did. I don't put much stock in it but they are offering a free identity protection service that I may take advantage of if I can bring myself to indulge my personal information to the protection service they are offering (color me skeptical).

That would be so crazy if this was a hacker group posing as Target, asking you to dish out your info so they can ostensibly protect it, when in actuality they'd be stealing it for the first time. What a beautifully clever scheme!

[Tortoise]

I got a notification in my email from Target tonight that hackers may have gotten hold of my personal information. This was kind of surprising to me since I rarely shop there and can't remember the last time I did. I don't put much stock in it but they are offering a free identity protection service that I may take advantage of if I can bring myself to indulge my personal information to the protection service they are offering (color me skeptical).

That would be so crazy if this was a hacker group posing as Target, asking you to dish out your info so they can ostensibly protect it, when in actuality they'd be stealing it for the first time. What a beautifully clever scheme!

That's almost certainly what it is: phishing.

Don't give them any information. If they are actually Target (or the Target hackers, for that matter), they already have the information. This is probably a completely different group that's trying to grab a few scraps off the table before it's all cleaned up.

[Mountaineer]

I got a notification in my email from Target tonight that hackers may have gotten hold of my personal information. This was kind of surprising to me since I rarely shop there and can't remember the last time I did. I don't put much stock in it but they are offering a free identity protection service that I may take advantage of if I can bring myself to indulge my personal information to the protection service they are offering (color me skeptical).

That would be so crazy if this was a hacker group posing as Target, asking you to dish out your info so they can ostensibly protect it, when in actuality they'd be stealing it for the first time. What a beautifully clever scheme!

That's almost certainly what it is: phishing.

Don't give them any information. If they are actually Target (or the Target hackers, for that matter), they already have the information. This is probably a completely different group that's trying to grab a few scraps off the table before it's all cleaned up.

I think Target is working with Experian, one of the three big credit checking firms.  Seems legit.

.... Mountaineer

[Jan Van]

The details are probably really, really embarrassing. "password1" or the like at some link in the chain.

Tssssk, everybody knows you should use "p@ssw0rd1"!

BTW, the link I got from target is https://creditmonitoring.target.com. Seems the least they could do.


Edit:
Hmm, better than I expected:
"p@ssw0rd1"
https://www.grc.com/haystack.htm
Offline Fast Attack Scenario:
(Assuming one hundred billion guesses per second) 4.16 days
Massive Cracking Array Scenario:
(Assuming one hundred trillion guesses per second) 6.00 minutes

[dragoncar]

I got one, and it's not phishing.  Type the target.com address directly into the browser for maximum safety.

I like the following quote:

"In addition, to guard against possible scams, always be cautious about sharing personal information"

Well duh, I guess I shouldn't have shared any personal information with Target

[l82start]

target announced their intention to provide a free identity protection service in the media, its probably legit but i would never access it through an email link, the extra time it takes to find the service by way of targets website or the identity protection company's is a sound safeguard... if the hackers listen to the news they could very well set up a "you have been scammed, sign up here and get scammed for real" scam 

[dragoncar]

target announced their intention to provide a free identity protection service in the media, its probably legit but i would never access it through an email link, the extra time it takes to find the service by way of targets website or the identity protection company's is a sound safeguard... if the hackers listen to the news they could very well set up a "you have been scammed, sign up here and get scammed for real" scam 

I've definitely got a phishing email based on the Gawker leak, informing me of the Gawker leak.

[ns3]

I think it's legit but I'm still reluctant to sign up for the service with Experian. So far all they have, I think, is name, address, and email. Signing up means giving up a lot more information. How long will it be before we read a story about one of the credit protection services getting hacked into?

I still think we're not getting the whole story on this however. Based on what I've read they are saying it had to do with malware installed in POS terminals but I haven't bought anything at Target for a long time so there is no way they got it by scraping the memory of a POS terminal. They had to have gotten into a database. And I read they were transferring the data from the POS terminals to an internal Target server and then to a server in Russia. This would be nearly impossible in my company without inside help due to firewall rules.

[ns3]

I think it's legit but I'm still reluctant to sign up for the service with Experian. So far all they have, I think, is name, address, and email. Signing up means giving up a lot more information. How long will it be before we read a story about one of the credit protection services getting hacked into?

Are you kidding? Experian, Equifax and TransUnion have more information on you than you can imagine. Credit history, job history, residential history, SS#, just to name a few. In fact, they only thing they may NOT already have is your email address, but you can always use a disposable one if that bothers you.

I meant that was all the information that Target (and the hackers) had. I have experience pulling raw credit reports from all three of these bureaus so I know exactly what they have (and I used to work for one).

Yes, the three credit bureaus already have this information but by typing it all onto the screen and hitting send, do you think it is going into the same databases where they already have this information? I'm guessing not. My own company owned a credit protection service that we bought and tried to incorporate into our product lines. For a while it carried our brand name but it was a totally separate entity, now discontinued (and I don't know why exactly but I suspect because of privacy concerns which have been hitting us hard in the form of federal fines lately).

[ns3]

It is now being reported that a 17-year-old Russian was behind the attacks.

http://www.nydailynews.com/news/world/r ... -1.1583785