Security Firm Identifies Malware Used in Target and Neiman Marcus Security Breaches

By
Photo: PARK JI-HWAN

As many as 110 million customers had their credit- and debit-card data and other information stolen from Target and Neiman Marcus in December, and a security firm claims to have figured out how the cyber attacks were carried out, though they're still not sure who did it. IntelCrawler released a report Friday saying that a "very well known" 17-year-old Russian programmer created and sold the code that was used against the two retailers.

From the Washington Post:

The company said the teenager did not perpetrate the attacks, but that he wrote the malicious programs — software known as BlackPOS — used to infect the sales systems at Target and Neiman Marcus. Andrew Komarov, the chief executive of IntelCrawler, said the attackers who bought the software entered retailers’ systems by trying several easy passwords to access the registers remotely.

Though Target didn't comment and Neiman Marcus simply said they've "heard no claim about weak passwords from anyone with direct knowledge of the retailers' system," Komarov believes IntelCrawler has "identified six additional breaches at other retailers of various sizes across the country," though he didn't name names. Time to start paying attention to e-mails from wherever you shop.