Target said Wednesday that the hackers who attacked the company employed access credentials that were hardcoded into a product used by the retailer. Target declined to identify the vendor whose credentials attackers had obtained, though confirmed that the attack vector has been blocked. “As we have previously shared, we confirmed the breach on December 15 and were able to eliminate the malware and close the access,” a spokeswoman said. “Since that time we have taken extra precautions such as limiting or updating access to some of our platforms while the investigation continues””]
Source: https://www.darkreading.com/attacks-breaches/target-hackers-tapped-vendor-credentials