By Jim Finkle and Mark Hosenball BOSTON/WASHINGTON (Reuters) – Target Corp said on Wednesday that the theft of a vendors credentials helped cyber criminals pull off a massive theft of customer data during the holiday shopping season in late 2013. The ongoing forensic investigation has indicated that the intruder stole a vendors credentials, which were used to access our system, Target spokeswoman Molly Snyder said in a statement. She declined to elaborate on what type of credentials were taken, who the vendor was, or to provide other details. The companys shares have been hurt since the data breach was announced on December 19, and the incident has drawn scrutiny from lawmakers as well as federal law enforcement and consumer protection agencies.