The hackers who stole 40 million credit- and debit-card numbers from Target Corp. appear to have breached the discounter's systems by using credentials stolen from a vendor, MarketWatch reported. The finding will help to start unraveling the riddle of how the software that carried out the attack got into Target's systems. "We can confirm that the ongoing forensic investigation has indicated that the intruder stole a vendor's credentials, which were used to access our system," Target spokeswoman Molly Snyder said. Target didn't say how the credentials were stolen or which specific portal the hackers logged into. The company did say it has limited access to some of its computer systems while the investigation proceeds.