Millions of credit card details leaked online - watch out if you're paying for Christmas

  • Security researchers find an unprotected S3 bucket with millions of screenshots
  • Many screenshots were of people's credit cards, report warns
  • The database could still be available

Details of roughly five million credit and debit cards were recently leaked online, putting millions of people at risk of wire fraud, identity theft, and various privacy violations, experts have warned.

Cybersecurity researchers from Leakd.com recently found an unsecured Amazon S3 bucket containing 5 terabytes of screenshots.

Among the screenshots were “unsuspecting users entering sensitive details into too-good-to-be-true promotional forms for fake offers.”

Deliberate data harvesting

As the team explained in a blog post, many people were lured into filling out fake promotional forms offering things like free iPhones, gift cards worth hundreds of dollars, mouth-watering discounts for various apps and retailers, and so on. The researchers didn’t explain who took the screenshots or how, but they did say that the exposed data includes people’s full names, billing addresses, email addresses, phone numbers, and credit card details.

Many of the screenshots also included the logo of Braniacshop and other “generic names.” “While Braniacshop’s exact role remains uncertain, its connection to the data raises concerns about deliberate data harvesting,” they said.

If you’ve recently shared this type of information in a form that promised free or ultra-cheap iPhones, $500+ gift cards, or similar, the team advises extra care, especially over the holidays. Potential victims should monitor their financial accounts for suspicious activity, enable alerts with their bank or credit card provider, update their credentials, and be wary of potential phishing attempts.

Furthermore, the team hints that the S3 bucket has not yet been locked down.

“Immediate steps should be taken [by law enforcement] to lock down the exposed information and prevent further access,” its report said, adding that the police should also notify affected individuals.

“We have notified the Amazon AWS Abuse Team about this issue to mitigate the risks for consumers and secure the exposed data promptly,” the report concludes.

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.