Alabama’s Largest Credit Union Hit by BIN Attack: How Criminals Exploited Card Numbers to Target Walmart Transactions

Earlier in the week, we wrote about how the largest credit union in Alabama, Redstone Federal Credit Union(REDFCU) , was the target of a cyber incident in which members reported fraudulent charges from Walmart.com on their accounts. At the time of that article, REDFCU was quite secretive about what happened, but finally, later in the week, the bank released information to a local news outlet in Huntsville that the attack was the result of a Bank Identification Number (BIN) attack. Brief Information About BIN attacks: Every credit card has six digits at the beginning of the card that are tied to a specific bank. When attackers obtain those six digits, which are the same digits for thousands of customers, they can then utilize software programs to brute-force the remaining digits along with accompanying CVV security codes and expiration dates. The threat actors might then use another tool to push out these generated credit card numbers, expiration dates, and CVV security codes, among thousands of different online matches in hopes that they will get a match and successfully scam unsuspecting bank customers.  In the case of REDFCU, it appears that these threat actors were plugging in the numbers to Walmart.com until…

Continue reading