Holiday shoppers beware: Hackers may have broken into the databases of retail superstore Target and made off with millions of customers' credit and debit card information.
According to security expert and blogger Brian Krebs, sources from two top-10 credit-card issuers told him that between Nov. 28 and Dec. 6 — possibly extending to Dec. 15 — an unspecified number of credit card data from in-store transactions has been stolen from "nearly all Target locations nationwide," Krebs wrote on his blog.
Target has yet to confirm whether the breach occurred, but Krebs reported that several of his sources said the compromised credit and debit card numbers are in the millions.
"When all is said and done," one source told Krebs, "this one will put its mark up there with some of the largest retail breaches to date."
Anyone who has used a credit or debit card at a physical Target location between Thanksgiving and Dec. 15 of this year should assume their credit card data has been compromised.
There's no evidence yet that people who have shopped on the Target website have been affected. Only "track data," or data stored on a card's magnetic stripe, appears to be involved. The thieves could use the stolen data to forge new credit cards by encoding the track data on a new magnetic stripe.
It's not clear if the breach includes PIN numbers associated with debit cards used at Target, but if so, the thieves could use those as well to make unauthorized cash withdrawals.In October, Adobe admitted that hackers had stolen 150 million account credentials, compromising the emails and passwords of more than 38 million individual users.
In May, open-source content management system Drupal was hacked, and almost 1 million users' email addresses, passwords and other personal information was stolen.
- How to Protect Yourself From Data Breaches
- Bitcoin Heist: Millions Vanish From Online Black Market
- 12 More Things You Didn't Know Could Be Hacked
- Brian Krebs