MINNEAPOLIS - Target hackers used credentials from a refrigeration, heating and air conditioning contractor to gain access to the retailers computer system, according to a report.
Journalist Brian Krebs, who broke the original Target breach story back in December, reported the news on his website Wednesday. He wrote the Secret Service had contacted Pennsylvania company Fazio Mechanical Services as part of its investigation.
The report alleges hackers stole the company's credentials and then gained access to Target's system. Fazio Mechanical Services is apparently a contractor that Target and other big retail stores use.
A Target spokesperson would not comment about the report saying it was a "very active and ongoing investigation". Fazio Mechanical Services did not return a phone call for comment.
A Secret Service spokesperson would only say investigators are looking into it.
"With a crime like this, all they have to do is compromise the weakest link," said Ryan Carlson with The Nerdery.
So why would a refrigeration and HVAC company have access to a retailers computer system? Carlson says most everything is computerized these days.
"And once you have their credentials, then you can get in past the big wall of security. And once inside it's a playground," he said.
The Target and Neiman Marcus breaches could bring with it more regulation which Congress is discussing this week.
"If the government is saying this is what we require you to do to be secure, at least we'll have some baseline perhaps. So companies can all be on the same level," said Chris Wade with The Nerdery.
Both Wade and Carlson said the convenience of technology is far outpacing the security of it,.
"Anywhere there maybe a vulnerability. People work really hard to exploit them and they have all the time in the world."