Misconfigured Server Run by Hackers Leaks 345,000 Stolen Credit Cards

Summary

Researchers discovered a misconfigured server operated by Jerry's Store, a carding marketplace, that exposed 345,000 stolen credit cards including cardholder names, addresses, card numbers, and security codes. The breach resulted from an AI code editor (Cursor) creating an unauthenticated open web directory instead of a secured dashboard when tasked by the hackers to build a statistics page. The exposed data was worth an estimated $2.6 million on the dark web, and the incident highlights the risks of using AI-assisted development tools without proper security oversight.

Full text

Security Cyber Crime LeaksMisconfigured Server Run by Hackers Leaks 345,000 Stolen Credit Cards A misconfigured server linked to the carding marketplace Jerry’s Store exposed 345,000 stolen credit cards after an AI coding error caused a major security flaw. byDeeba AhmedApril 30, 20263 minute read Jerry’s Store on Telegram (Image credit: CyberNews) Researchers came across a misconfigured server that was left unprotected by a group of hackers. This server, discovered on 16 April, was linked to an online shop called Jerry’s Store, a carding market where hackers check if stolen credit cards still work. Further digging revealed that the hackers accidentally leaked their own database because of a mistake with an AI code editor. AI leads to a major leak The people running Jerry’s Store used an AI-assisted development environment called Cursor to help write their code. Cursor is a legitimate tool used by programmers to build software quickly. However, according to Cybernews’ findings shared with Hackread.com, hackers were essentially vibecoding, meaning they relied heavily on the AI to do the work for them. This led to a major security failure. When the hackers asked the AI to build a statistics dashboard, it created an unauthenticated open web directory instead of a secure page. This meant the hackers built a website that anyone could enter without a password. “The leak originated from the user asking to create a statistics dashboard, and Cursor created an unauthenticated open web directory to serve the webpage, ignoring the need to set up authentication,” researchers explained in the blog post. An investigation of the chat history showed that the Cursor LLM had enough information to recognise it was helping build a credit card verification service. Researchers noted that this highlights a lack of safety guardrails, as Cursor failed to stop the hackers from using it for criminal purposes. This error also allowed the team to read the private logs and see the exact steps taken to build the site. How the scammers verified cards The hackers used this server to see which of their stolen cards were active. To do this, they used famous websites like Amazon US, Amazon JP, Grubhub, Sam’s Club, Temu, Lyft, Elf Cosmetics, and CountryMax. They would set up thousands of accounts on these sites and try to make tiny transactions. If the payment went through on a site like Amazon, the hackers knew the card was good and could be sold for a high price. The data on the server was massive, including: 345,000 total cards: This included 200,000 that were dubbed invalid and over 145,000 valid cards. Sensitive info: The leak had cardholder names, home addresses, card numbers, and security codes. Market value: Since working cards sell for $7 to $18 on the dark web, this list was worth up to $2.6 million. Cursor generating and executing an insecurely configured command (Screenshots credit: Cybernews) Background and location For your information, Jerry’s Store was launched in late 2023. It is not clear where the group is based. While the person running the shop seems to be fluent in Chinese, the server itself was hosted in Germany. Researchers believe they used a bulletproof hosting provider to stay hidden. Regardless, this case is a lesson for everyone using AI to build software, as it shows that while AI is fast, it can create such disasters for anyone if the code is not manually checked. “While in this case it helped identify credit card fraud-related abuse, it’s also a lesson for developers using Cursor for legitimate uses, showing how it can lead to accidental data leaks,” researchers concluded. Cursor is yet to respond to these findings. We will update our readers as soon as there’s an update. Deeba Ahmed Deeba is a veteran cybersecurity reporter at Hackread.com with over a decade of experience covering cybercrime, vulnerabilities, and security events. Her expertise and in-depth analysis make her a key contributor to the platform’s trusted coverage. View Posts ChinaCredit CardsCursorCursor AICyber CrimeCybersecurityJerry’s StoreLEAKSMisconfigurationPrivacy Leave a Reply Cancel reply View Comments (0) Related Posts Security Cyber Attacks Cyber Crime Malware Air-conditioned apocalypse: A blackout scenario involving smart climate control devices Science fiction movies often depict various situations related to cybercriminals’ activity. These can include predicaments where threat actors… byDavid Balaban Security Crypto Cyber Crime News Technology A Syntax Error Led to Crashing of KmsdBot Cryptomining Botnet The KmsdBot was known for targeting both Linux and Windows devices. byDeeba Ahmed Read More Malware Security Hackers Use NFC Relay Malware to Clone Tap-to-Pay Android Transactions A new investigation from mobile security firm Zimperium has revealed a fast-growing cybersecurity threat targeting Android users through… byWaqas Security Huge Security Flaw Left Billions of Smartphone Users Vulnerable A huge security flaw in a Signalling System Number 7 (SS7) left billions of mobile phone users at… byFarzan Hussain

Indicators of Compromise

• malware — Jerry's Store

Entities