Millions of credit card details have been leaked online – be careful if you pay for Christmas
- Security researchers find an unprotected S3 bucket with millions of screenshots
- Many screenshots were of people’s credit cards, the report warns
- The database may still be available
The details of around five million credit and debit cards were recently leaked online, putting millions of people at risk of banking fraud, identity theft and various privacy breaches, experts warn.
Cybersecurity researchers at Leakd.com recently found an unsecured Amazon S3 bucket containing 5 terabytes of screenshots.
Among the screenshots were “unsuspecting users entering sensitive data into too-good-to-be-true promotional forms for bogus offers.”
Purposefully collect data
As the team explained in a blog postmany people were lured into false promotions, offering things like free iPhones, hundreds of dollars worth of gift cards, mouth-watering discounts on various apps and retailers, and so on. They didn’t explain who took the screenshots or how, but they did say the data made public included people’s full names, billing addresses, email addresses, phone numbers and credit card information.
Many of the screenshots also contain the Braniacshop logo and other “generic names.” “While Braniacshop’s exact role remains uncertain, its connection to the data raises concerns about deliberate data collection,” they said.
If you’ve recently shared this type of information in a form promising free or ultra-cheap iPhones, gift cards over $500, or the like, the team advises extra caution, especially during the holidays. Potential victims should monitor their financial accounts for suspicious activity, enable alerts with the bank or credit card provider, update their login information, and be on the lookout for possible phishing attempts.
Furthermore, the team hints that the S3 bucket is not yet locked.
“Immediate steps should be taken (by law enforcement) to lock down the exposed information and prevent further access,” the report said, adding that police should also notify affected individuals.
“We notified the Amazon AWS Abuse Team of this issue to limit the risks to consumers and quickly secure the exposed data,” the report concludes.