Originally Posted by
eponymous_coward
The attack being used is a
BIN attack, according to a BILT representative on Reddit. So it's possible for them to guess numbers of cards that are in transit.
If it is a BIN attack, how do they find out the right cvv, expiration date and billing address?