Particle.news

YouTuber Exposes 4-Digit PIN Flaw on The Card Network Gift Cards as Company Says Issue Addressed

Experts say weak online protections made brute-forcing four-digit PINs trivial.

Overview

  • Simon Dean says that, after he found one of his two A$500 cards had already been redeemed, a simple script revealed a concealed PIN on a TEEN-branded card in under 15 minutes.
  • He tested the suspected weakness by purchasing a new A$20 card and successfully deriving its PIN without scratching off the code.
  • The Card Network says it investigated the report, refunded Dean, and resolved his concerns, while declining to disclose technical details or the scope of impact.
  • A cybersecurity researcher cited likely gaps such as missing CAPTCHAs and rate-limiting, warning basic coding skills could enable rapid brute-force attacks once cards are activated.
  • The cards are sold through major retailers including Woolworths, Coles, Big W and Target. Dean says his refund took about six weeks and required a statutory declaration and a police report. Finder estimates Australians hold about A$1.4 billion in unused gift cards.