5 million payment card details stolen in painful reminder to monitor Christmas spending

Another day, another exposed S3 bucket.

This time, 5 million US credit cards and personal details were leaked online. The Leakd.com security team discovered that 5 terabytes of sensitive screenshots were exposed in a freely accessible Amazon S3 bucket.

An S3 bucket is like a virtual file folder in the cloud where you can store various types of data, such as text files, images, videos, and more. There is no limit to the amount of data you can store in an S3 bucket, and individual objects can be up to 5 TB in size.

In this case we don’t know who’s behind the leak, although it seems clear from the screenshots that it’s a phishing operation and that the credit and debit card information was exactly the data they were after. They probably didn’t intend to share it with the whole world, though.

Unfortunately, not knowing who left the data exposed makes it harder to plug the hole, but the AWS Abuse team initiated an investigation based on the information provided by Leakd.

The leaked information contains 5 terabytes of screenshots of victims filling out their details on websites that offered “free iPhones” and heavily discounted holiday gifts.

Organized screenshots taken from victims’ computers
Image courtesy of Leakd.com

Looking at how those screenshots are organized, there are two possible sources.

  • Information stealers. Many infostealers are capable of taking screenshots and naming them in a way that helps the attackers track and organize the stolen data.
  • Phishing using websites that were set up especially for this task. This seems to be the most likely scenario, because of the content of the screenshots.

As Leakd.com describes it:

“The leaked screenshots often featured instances of users entering personal and financial details into seemingly innocent promotional forms.”

Redacted example of an online phishing form
Image courtesy of Leakd.com

What do I need to do?

Stolen payment card details are bad enough, as they can be used for financial fraud and identity theft, and can cause privacy issues.

The timing, just weeks before Christmas, makes it even worse. For some of us it is hard enough to keep track of our own spending, let alone when a criminal decides to spend some of our money. And having to cancel your payment card because someone else might use it is most inconvenient right now.

But if you suspect that your payment card details have been stolen, these are the recommended actions:

  • Regularly check account and card statements and notify your bank about any suspicious activity.
  • Where possible, set up fraud alerts with your bank or payment card provider.
  • Change the password and enable multi-factor authentication if you haven’t already.
  • Freeze your credit so nobody can open any new accounts in your name.

If you don’t want to become a victim of these cybercriminals:

  • Don’t get phished. Be aware of the signs and don’t respond to unsolicited emails and texts.
  • Shy away from sites making too-good-to-be-true offers.
  • Use web protection like Malwarebytes Browser Guard. It flags malicious websites and credit card skimmers that steal your information.
