Danny Yadron, Paul Ziobro and Charles Levinson report:
The hackers who stole 40 million credit- and debit-card numbers from Target Corp. appear to have breached the discounter’s systems by using credentials stolen from a vendor.
The finding will help to start unraveling the riddle of how the software that carried out the attack got into Target’s systems. It also underscores the risks companies face as they operate vast, interconnected business systems.
“We can confirm that the ongoing forensic investigation has indicated that the intruder stole a vendor’s credentials which were used to access our system,” Target spokeswoman Molly Snyder said.
Read more on WSJ.