iPhone 14 Pro vs. Galaxy S22 Ultra HP Pavilion Plus Planet Crossword Pixel Watch Apple Watch Ultra AirPods Pro 2 iPhone 14 Pro Camera Best Android Phones
Want CNET to notify you of price drops and the latest stories?
No, thank you

Heating vents may have given Target hackers their opening

Network credentials boosted from a Target contractor specializing in ventilation systems are the way that hackers likely got access to the company.

The credentials that hackers used to get into Target's network appear to have come from a compromised HVAC contractor.

The Target hack that shook the American credit card industry and delivered up to 110 million customer records to the bad guys was reportedly successful thanks to a side-door left open by a Target contractor.

The hackers were able to get credentials for Target's network stolen from Fazio Mechanical Services, a heating, ventilation, and air conditioning (HVAC) company, according to independent security reporter Brian Krebs. They were first used to access Target's network on November 15, 2013.

Fazio President Ross Fazio told Krebs that the US Secret Service, which customarily investigates these kinds of cases, visited his company's offices in Sharpsburg, Penn., but that he wasn't there during the visit.

A fraud analyst with Gartner estimated to Krebs that Target could be forced to pay up to $420 million to cover costs associated with the breach, including noncompliance with credit card network standards, banks reissuing cards, legal fees, credit monitoring, and other costs. Those costs apparently don't include an upgrade to the more secure chip-and-pin credit cards and card readers.