Cybersecurity experts have discovered a credit card breach that threatens to disrupt holiday shopping for millions of Americans.
Researchers at Leakd.com discovered an unsecured Amazon Web Services (AWS) ‘S3 bucket’ that was being used in a phishing scheme, but the criminals left it open online.
An S3 bucket is a virtual folder where companies can store customer data, but this instance contained the credit card information, names, addresses and emails of five million people who fell victim to fake company promotions, including a free iPhone.
Experts urged the public to contact their financial services providers as the disclosed data poses an imminent threat of fraud, unauthorized transactions and identity theft.
While the party or parties responsible for this trove of scammed credit card information remains unknown, Amazon’s AWS Abuse team is now investigating.
Leaked.com said the perpetrators were likely involved in phishing: a social engineering hack in which criminals use emails, phone calls or even fake websites posing as a reputable company to trick someone into giving up important personal information.
‘Although it is unknown how long this data will be online, it is now threatening to disrupt the holiday shopping season for potential victims too,” the technology site’s cybersecurity researchers warned.
An unsecured Amazon cloud storage page has left crucial personal data from nearly 5 million US credit cards exposed to malicious actors all over the open internet. Above is one of 44 million screenshots containing sensitive data [redacted for publication] discovered by Leakd.com
The team of Leakd.com noted that this particular phishing scam involved many fake offers to ‘win an iPhone 14’ from a company called ‘Braniacshop’.
“On the dark web, the average credit card, complete with associated data, is worth about $17,” the researchers noted.
‘[So] With an estimated 5 million unique U.S. credit and debit cards exposed in this breach, the potential monetary value of the stolen data exceeds $85 million.”
Leakd.com’s cybersecurity experts say the holidays are an especially good time to be on the lookout for fake giveaways and be wary of heavily discounted holiday gifts
“Millions of Americans,” they noted, “could have their Christmas in jeopardy.”
The first thing you’ll want to do is actively monitor your credit card, online banking, and other important financial statements for signs of suspicious activity.
If you notice anything unusual, notify your bank, credit card company, or other service as soon as possible so they can freeze use of the affected card.
Experts said the perpetrators were likely involved in phishing: a social engineering hack in which criminals use an email, phone call or even a fake website pretending to be from a reputable company to trick someone into giving up important personal information. Above: a credit card
The Leakd.com team noted that this particular phishing scam involved many fake offers to ‘win an iPhone 14’ from a company called ‘Braniacshop’.
If you want to be proactive, many financial services offer the option to set up ‘fraud alerts’ that can help you take this step in your busy life.
Implementing a proactive “credit freeze” can also help prevent cases where a scammer takes out loans in your name from financial companies you may not have known existed that offer loans or other lines of credit.
There’s no better time than now to also implement additional security measures that have long become security industry standards, such as multi-factor authentication, longer password passphrases, and encrypted password managers.
Invest in one of the top rated identity theft protection services can never hurt, especially since many offer insurance that can recover money lost to fraud and reverse illegal purchases.
These services are especially useful if you share a household or bank account with a loved one – a teenager, an elderly parent, or a spouse who isn’t particularly smart or tech-savvy.