wissel.net

wissel.net

Usability - Productivity - Business - The web - Singapore & Twins

Massive leak of Credit Card Pin Numbers

It seems that Data leaks are considered unavoidable like the flu, taxed or measles outbreaks for vaccination-deprived kids.

There's quite a list:

Kiss goodbye your PIN

You might think, it couldn't get worse, but it did. In an unprecedented development all, yes all of the 6 digit credit card pins have been revealed and posted online.

You can check: your pin will be in that stash. But be careful! Online searches are captured, potentially allowing an attacker to link the numbers back to you. So when inspecting the stash, either look manually or download and search locally.

Of course: you got that file on your local disk, someone might start asking questions. So be considerate!

Update

A single forgotten console.log(...) statement was the source that leaked all those numbers.

The full code, released on APRIL 01 is here:

/* Generates all 6 digit pins in a random order */
const max = 1000000;
const ppl = 10;
const pins = [];

// Prepopulate sequentially
for (let i = 0; i < max; i++) {
  pins[i] = (' 000000' + i).slice(-6);
}

// Randomize location
for (let i = max; i >= 0; i--) {
  let p = Math.floor(Math.random() * i);
  let n = pins[p];
  pins[p] = pins[i];
  pins[i] = n;
  if (i % ppl == 0) {
    console.log(pins.slice(i, i + ppl).toString() + (i == 0 ? '' : ','));
  }
}

Hope you enjoyed it!

Posted by on 01 April 2019 | Comments (2) | categories: Salesforce Singapore

Comments

  1. posted by LM on Monday 01 April 2019 AD:

    Oh no! And it gets even worse: combined with today's date and using a proper algorithm you can even calculate the credit card number AND security number from each PIN! It's high time to get back to clams as a global paying system!!!
    - Thanks for posting!

  2. posted by Lars Berntrop-Bos on Monday 01 April 2019 AD:

    Psst. Don't look now, but I've heard that all 4 digit pin numbers have also been leaked!