Hackers ‘shopped’ for millions of credit cards at Target on Black Friday [Update]

Chris Smith
Target moves quickly to prevent future hacks

UPDATE: Target on Thursday confirmed that 40 million credit and debit cards were breached between November 27 and December 15, ZDNet reports, with hackers stealing personal data including customer name, credit/debit card number, expiration date and the three-digit security code.

Millions of Black Friday Target shoppers may be at risk, multiple reports reveal, as hackers may have targeted the giant retail chain’ stores during one of the busiest shopping days of the year, potentially walking away with important credit card and debit card data. Krebs on Security says that the data breach extends to “nearly all Target locations nationwide,” and occurred from Thanksgiving 2013 to December 6, although it could have been extended up to December 15.

While it’s not clear yet whether customers who shopped at Target starting with Black Friday were affected by the data breach, the hackers behind this attack may be able to reproduce credit and debit cards and use them to withdraw cash from ATMs. So far, it’s apparently known that they stole “track data” from cards or the kind of data that’s found on the magnetic stripe of the card including account numbers and expiration dates. In case the hackers have also managed to steal the associated PIN numbers for cards, they would be able to create replicas.

The publication says that trusted sources from two major card issuers said that as many as one million cards from both issuers are thought to be compromised following the Target data breach. “When all is said and done, this one will put its mark up there with some of the largest retail breaches to date,” a third unnamed source said.

The Wall Street Journal has independently confirmed the breach, saying that roughly 40,000 card devices at store registers may have been affected. The Secret Service has confirmed that it investigating the matter, without revealing more details about it, a fact also confirmed by The Associated Press. Shoppers that purchased goods online from Target during the period should not be affected by the breach.

More from BGR: More is less: How a Pebble smartwatch brought sanity to a hyperconnected iPhone user

This article was originally published on BGR.com

Related stories

A chilling start for the shopping season

Google joins Black Friday fun with Cyber Weekend Deals

Apple teases annual Black Friday sale coming later this week