Millions of Citibank Customers at Risk Due to Largest PIN Number Hacking in History

The Internet Patrol - Patrolling the Internet for You

A breaking news report (why is it breaking in England, not here in the U.S.?) reveals that millions of Citibank customers’ accounts are at risk as a result of what the London Times is calling the “biggest and most effective remote PIN code theft scam in US banking history.”

According to the report, “Citibank machines in 7-Eleven convenience stores across America were the target,” and already more than $2 million has been drained from Citibank customers’ accounts.


The situation came to light only because the original perpetrators have been caught, and are now in custody, and wending their way through the U.S. court system. But the hacking into accounts was continuing at least into this spring, and of course we all know that lists of PIN codes – like email addresses – can be sold. Meaning that there is a high probability that the stolen PIN numbers are still in the hands of someone who will use them maliciously – and, if you are a Citibank customer, it’s time to go over your statements for the last several months with a fine-toothed comb, and for goodness sake change your PIN number!

The report blames the situation on the fact that the ATM infrastructure “is now built on Microsoft’s Windows operating system, and the cash machines themselves can be remotely diagnosed and repaired online. Unfortunately, this means that PIN codes have started to ‘leak’ along the way — suggesting that industry guidelines on encryption are not always being followed.”

Of course, we predicted this 3 1/2 years ago, when it was first announced that thousands of ATMs in the United States were being moved to a Windows platform, and again just four months later when Wells Fargo announced they had moved their ATMs to the Windows platform.


Apparently Citibank did too, much to the detriment of their users, it is now clear.

Of the news of the Citibank PIN exposure, Gartner security analyst Avivah Litan said, “PINs were supposed to be sacrosanct. What this shows is that PINs aren’t always encrypted like they’re supposed to be. The banks need much better fraud detection systems and much better authentication.”

Ironically, it was Litan who said, back four years ago, that the move to Windows-based ATM systems is “not great news for the security of the system. I’m sure there’s a lot of holes that will be created because of this.”

 

According to the Times, it is not yet clear exactly how many Citibank customers have already been affected by this. There are more than 5600 Citibank ATMs in 7-Eleven stores across the U.S.

According to Don Jackson, director of threat intelligence for the computer security company SecureWorks, the only thing that really makes the Citibank PIN hacking case unique is that the guys were caught. Citing an alarming spike in the number of such hacks in the past year, Jackson said that there are “a whole lot of other PIN compromises going on that aren’t reported.”

Citibank has refused to comment on the situation, other than to say “We want our customers to know that, consistent with legal requirements, we do not hold them responsible for fraudulent activity in their accounts.”

They had bloody well better not, given that it’s their fault for setting up their ATM network on such an inherently – indeed predictably – insecure platform.
