HackerTrans
TopNewTrendsCommentsPastAskShowJobs

ackondro

no profile record

comments

ackondro
·3년 전·discuss
I'm not saying this is how it happened, but this is why they may be able to say that. When working with similarly sized companies, I am required to encrypt the files (PGP zip) and transmit over a secure encrypted channel (SFTP). Normally, those companies will use a feature of Moveit to automatically do the PGP encryption/decryption.

However, TJX could have written their security policy such that their Moveit server was not allowed to use that feature, so they used a different piece of software to do the encrypt/decrypt outside of Moveit. Thus, hacking the TJX server would only get a bunch of unencrypted reports and encrypted files with personal info in them. Again, I'm not saying this was what actually happened.