Transcripts For BLOOMBERG Bloomberg West 20140313

BLOOMBERG Bloomberg West March 13, 2014

Amazon is raising the price of its Prime membership by 20 to 99 per year. Current members are being sent reminders about their renewal dates when they have to pay the higher cost. The move will generate additional revenue for Amazon. Prime gives members access to free two-day shipping and Amazon video service streaming.

John Donahoe is stepping up his game at eBay against Carl Icahn, who wants eBay to spin off PayPal. He has consulted with other Icahn targets including Tim Cook and Reed Hastings for advice on how to handle the activist investor. He has met with Goldman Sachs and institutional investors to make his pitch that PayPal belongs with eBay.

It is the end of an era for Google. It has removed underlined links from its desktop search page print of shown up as underlined links when it first launched back in 1996. It has increased the size of results and even doubt the height of lines to make the desktop page easier to read and more consistent with the Google mobile site.

The inside story of that massive Target data breach: we start with a look back at the timeline of events that led to the data breach that touched as many as one in three American consumers. The first time the public heard that Target had been hacked was on December 18, 2013. A blogger revealed the company was investigating a massive breach. The breach itself actually began some time before that. What did Target know and when did they know it? Hackers began capturing credit card data on November 27. Three days later, sophisticated security spotted the malware. Target had paid 1.6 million for it because of its ability to detect hacking in real time. Soon the security worker in India solvate FireEye alarm and the. Operationcenter and the alarms overlooked. On December 2, security tools detected another version and this red flag also went undetected. Had Target acted on the alerts at this point, they would have been able to prevent one of the biggest data thefts in history.
Instead, for more than two weeks, the hackers collected credit card information and bounced around the globe to places like Moscow. On December 12, federal law enforcement notified Target that there is suspicious activity involving card payments. The retailer hires an independent team to run a forensic investigation and on December 15, Target confirms it has been hacked and removes the malware. Publices the first statement revealing that up to 40 million cards of and compromise. 20 days later, they notify customers that in addition to credit card theft, personal information for up to 70 million customers has also been stolen, affecting as many as 1/3 of American consumers.

Such a fascinating story. It's like reading a thriller. The amount of detail in the story and what happened and how and the fact that Target did nothing when they first found out about it. We will go into great depth in the story but the impact is important not just for Target and not just for the tons of people affected but for every business involved with customers and technology, which would mean pretty much everyone. Michael Riley, one of the authors of the story in this week's Bloomberg Businessweek, joins us now. The headline on the story is "Target blew it." How did they blow it and why? This seems to be a story about Target did all the right things to prepare for this kind of event and spent a lot of money in and bought some very sophisticated tools. FireEye is that tool that catches the malware at an early stage and is used by the CIA and the Pentagon and intelligence agencies all over the world. They created a security operations center, which is a headquarters where specialists sit and analyze data that's coming in and look at alerts.
They had around-the-clock monitoring service including using a vendor in India and yet when the alerts actually when all of that technology and all that money spent actually found the malware as it was coming in, the malware that would have been used to take the data out, the alert was recognized in Bangalore and went to Minneapolis and nothing happened. There is a human failure at the core of this. Did notlear why the SOC react. There were management issues going on there. There was an issue of how security teams deal with all of his alerts, all of these alerts, in a timely manner. We know that their tools worked and they spotted the malware in time and they did not do anything to stop it. We have a response from Target. This is the full statement. They came back to you with a statement after you asked them questions. Says facing some 90 different lawsuits. It seemed like you guys saw past the mystery about how this ofireye f and the role that Target had been using that caught this before anything was even stolen. I think that what they are trying to do is figure out what actually went wrong on the human level. These findings were all known to Target as they went back. They were notified by federal authorities that they have been hacked and then they went back to look and see what all of this expensive equipment and costly system they put together did not work. What they found as they did that investigation is that it did work at least on the technology level and the question is where was the human fail? Did they not react quick enough or was there a management issue that meant they did not react to the alerts? The systems create a day loose veryta FireEye is a specific and good system that does not create false positives. Maybe they did not pay attention to the systems they should have. I think that is what they are going through and the CEO says they are doing a complete top-to-bottom review of there could security system.
The company is trying to figure out why this happened and how is it that they could have found the malware in time and not done anything. There is a suggestion they were used to using crummy tools but they got their hands on a good one. The crummysed to response previously. We have seen a security boom in tools. Every company is selling something that says it can save your network and there are many really good tools out there. This is the set of next-generation tools that analyze behavior and does not look just look at digital signatures. All of these big companies also have a lot of legacy tools and older tools. They all have antivirus which can put up tens of thousands of alerts even in a day and there's a huge amount of information they have to go through. We talked to customers who used FireEye and they say it is a good tool but you have to have a security team that can respond in time and get what you want. One of the ironies is that which whena function it response to a piece of malware like this, it can eliminate it automatically. Target had that function switched off, which sounds weird. It's not that unusual because the IT and security teams like to have the last step themselves and be able to go and look and see what the problem is. Came tolem is, when it the last step, they did not do it. We will talk more about what information was taken and who took it and where it went and how it was used in the next block. I have to admit that I am one of those people who is still scared to shop at Target. How safe is it now? Think when companies suffer breaches like this, they tend to hard to learn from them. It is safe in the sense that on December 15, they were able to identify the malware and eliminate it. It was not a hard thing to do because of the way the Target systems work. They can just reimage all their POS machines all at once. After December 15, the hackers have been cleaned out and those cards are not at risk.
The larger question is for Target and other companies, are they suffering, is their system vulnerable in ways hackers will continue to do this? Is thing about this hack that it was not very sophisticated. They were not the best hackers in the world. They did some very smart things but a report was released that said if Target had their act together, should have found these guys out before they did. Don't go anywhere, you will stay with us through the next block.

Up next, how easy is it to buy a stolen credit card number on the black market? We will take a look at the secret websites that are the Amazon.com of credit card fraud, and you can watch us on Bloomberg Television, streaming on your phone, your tablet, and Bloomberg.com.

We are talking about the massive data breach at Target. Once the hackers stole the credit card, what did they do with them? Thetraffic to them through credit card black market in Ukraine. It is a person we believe sells stolen credit cards through several websites print let's bring and the chief technology officer at forensic services. He is a former member of the Secret Service Electronic Crimes Task Force. Michael Riley is back with us as well. Rescatore and what is their role in this? Is inside the code of the malware that was installed on the Target POS system. We know that he had something to do with the creation of this malware. Essentially as an armor. Crop and waits a for it to grow and harvest it and takes that crop to market. That is exactly what has happened here. Paint the underworld you describe in your article of carders and displacing Ukraine where they apparently have conventions where a bunch of people get together and talk about how to use credit card information and they sell it and buy it. Describe this place to me. We know that the cyber underground is becoming segmentedly well machine that operates quite smoothly. Secret Service describes a lot these sites compared to the Ocean's 11 movie.
It is different guys with different skills and will do various parts of the hack but you can hire out or find somebody good at any piece of this unique. Once they collect the cards, they've got a really efficient way of selling them. You can go onto some of the best sites and they work like Amazon.com. You can go onto the site and sign in with a password which you have to get from the site's creator or because you are a client or known. Once you're in there, you can search cards by the card round or the expiration date and by zip code, so if you are buying these cards to commit fraud, you can do it in the same area where the cards are issued so that it does not trigger fraud engines. They make it really easy to do. Then you put your basket of stolen cards into an electronic checkout basket and you pay for it using bitcoin or Western Union or whatever currency they want to take. It is pretty automated. Mark, one of the interesting things about the story was the notion that this was not just a bunch of guys in a dark room on computers in Eastern Europe but there was physical breaches of security. This is a complex operation with like characteristics that involve fake ID badges. Security is most important. What troubles me most about this, think of it like this: Target paid 1.6 million dollars for a smoke alarm and when it went off, they took the battery out without seeing if there was any smoke. Describe the way the black market works. As I understand it, credit card numbers sell for anywhere from between 600 2000. How quickly can they use these before they are detected? The analogy I used earlier I think is pretty spot on. The individuals in Russia are making their money by selling the stolen information. They need to make it convenient so they have put together this Amazon.com for this is that. Data.
It is a no-frills webpage but it does allow hackers to download very specific or to purchase very specific credit card information even coming back to a certain billing zip code. They can even purchase specific digits, specific 4, the final four digits on a card in order to circumvent human security at the checkout. If you've ever purchased a TV at the checkout, the cashier will often ask you for the card and check the expiration date and they will check the last four digits to make sure it matches up with the information stored on the magnetic stripe. These are very sophisticated ofrisgator. Your story is amazing and nice work. I wonder about prosecution and what happens. Can they actually get their hands on these guys? Is there cooperation cross-border? Has that changed with the situation of Russia and the Ukraine? The short answer is no. That have been operating for years in Russia and elsewhere in Eastern Europe. There was an indictment last onr in New Jersey that focus a gang like this one that had been responsible for stealing 160 million credit cards at least from everyone from JetBlue to Citibank and it goes back to the Heartland Payment Systems hack which was 2008. Those guys have been operating for years. They have been untouched in Russia. U.S. law enforcement, it's not like I have not tried but it depends. I talked to a former at the eye agent, a former FBI agent, and he says it depends on the cooperation we get from the home country. Do anything oft they don't respond. The one thing they have tried and have had some success as they try to lure these guys out to a different country. For example, they will lure people out to do a business deal or have a party in the Netherlands or Amsterdam on the pretext that they are another bad guy. If those guys get them a plan and fly to one of these countries where they have better law enforcement cooperation, then they can lay hands on them. Let's invite them on Bloomberg West. I'm not sure that will work.
It's a nice try. Michael Riley, fantastic piece, Mark, please read the piece in Bloomberg Businessweek.

Still ahead, how safe is your data and what are companies really doing to protect it now? You can also watch us on Bloomberg Television, streaming on your phone, your tablet, and Bloomberg.com.

Welcome back. Turning back to the inside story of what went wrong with Target and how companies deal with credit cards and your information. It is not just the bar back-and-forth of Target but how it may serve as an object lesson for how not to screw up for others. We got the perfect person to discuss this, the CEO of a credit card company. How do you deal with it? Security on the internet is a difficult thing. To focus on it everyday. We have an entire team dedicated and committed to it. It's all about trust and credibility. The story that you guys produced is a powerful about human mistakes. What I like about what Target did afterwards is the CEO came clean and said this is a bad situation. Eventually. This really felt like a political thriller where you had an administration with an incompetent response to an evolving problem that could have been headed off. I wonder how many credit card numbers to you guys receive? We will do over 3 million transactions this year alone. The business is growing very strong. We started with textbook rental but we do digital subscriptions to learning material so it will just get bigger. How big is your security team? We will not give out information but it's pretty significant. One of the smartest things that we did is by general counsel was before eBay with 10 years. He has taken that responsibility since the first day he came. Willick with us because we talk more later in the show about the future of Chegg and we will have more of Bloomberg West.

You are watching Bloomberg West. I am here with Cory Johnson.
The booking campaign started by Sheryl Sandberg one year ago in the same organization has recruited Beyoncé in a new ad to ban bossy, claiming the word has a negative impact on young girls. Take a look.

Take one. Ban bossy. Stubborn. Pushy. I'm not bossy. I'm the boss.

Thomasel Thomas joins us, the Lean In president and co-founder. The people you got to participate in that at her amazing. How do you recruit Beyoncé to support your cause? We did a lot of outreach and we were thrilled by the response. People said we want to be part of this and participate. Why focus on the one word, bossy? , bossy,e lots of words pushy, know it all and it sends message to our girls not to raise their hands, raise their voice and don't leave your people might not like you. We know girls hear this. By middle school, they're less interested in leading than boys and that is a trend that continues lifelong and they often cite fear of being called bossy or being disliked. This campaign has evolved over the last year. Have you figured out there are different ways to tell the story or has this always been part of the plan to evolve with a certain message? Organization, we are all about encouraging women to lead into their ambitions. Twolean in to their ambitions. We send messages that discourage them from leaving. As early as middle school, they are less interested. I got two little girls myself and I watch them go through the process of elementary school and watching the social interaction. In terms of your organization and your learning from what you have learned the lester, surely learned over the last year, there has been a plan? Sheryl speaks about the power of bossy and the power of the language we use for our girls. We learn as we go. This emphasis on girls and how important they are and the story of female leadership has been evolving as we involve as an organization. Are you targeting companies or schools? Yes, yes, yes.
On our website and activities and how we can encourage girls to lead. This is a campaign about encouragement. It's for girls, parents, teachers, even managers. On small but powerful things we can do every day to encourage girls and women to step forward and take the lead. I have been following the movement very closely from the beginning. It has certainly taken on a life of its own. That has been its fair share of controversy and even the ban bossy raises the question of dealing with that word. How do you deal with controversy and criticism? We want people to talk about these issues. These are important issues. Stereotypes are very powerful and self-reinforcing. The stereotype is that girl should not lead or they may not be liked. We celebrate them and cheer them on when they do. We are thrilled about the conversation this is driving. Over 300,000 people have already and 19to be on
