Breach of AI-Generated Website Reveals 345,000 Stolen Credit Card Details

Millions of Dollars Worth of Stolen Credit Cards Exposed in AI-Generated Code Leak

A critical security vulnerability has been discovered in a criminal marketplace used by fraudsters, exposing sensitive details linked to over 345,000 payment cards. The platform, known as Jerry's Store, left an unsecured server open on the internet, exposing names, card numbers, billing addresses, expiry dates, and security codes to potential cyber threats. Researchers at Cybernews discovered the leak in April and warn that the exposed data could be worth millions of dollars on underground markets.

According to Cybernews, the operators of Jerry's Store utilized Anysphere's Cursor, an artificial intelligence coding assistant, to create server infrastructure and internal dashboards. However, the system generated an open web directory without password protection or authentication, allowing unrestricted access to sensitive information. This security flaw was triggered when the operators asked the AI tool to build a statistics dashboard.

The exposed database contained nearly 200,000 cards marked as invalid and more than 145,000 cards that were still active and usable. Researchers estimated that valid stolen cards sell for between $7 and $18 each on dark web forums, placing the value of the exposed inventory between $1 million and $2.6 million.

Read also: Treasury Yields Experience Largest Increase in Two Weeks Following Release of Labor Market Data

The leak also revealed how organized online fraud networks verify stolen cards before selling them. Investigators found that Jerry's Store operators used accounts on legitimate websites, including Amazon, Grubhub, Temu, Lyft, and Sam's Club, to run small payment tests. If the transaction succeeded, the card was marked valid and later sold to cybercriminals. Security experts say such small transactions are difficult to detect because they blend into billions of normal online payments processed every day.

Cybersecurity analysts say the incident highlights growing concerns about developers relying too heavily on AI-generated code without proper security checks. A recent academic study examining thousands of public code repositories found that AI-assisted coding tools can produce software containing serious vulnerabilities if human review is missing.

Researchers warn consumers to monitor bank statements carefully, enable transaction alerts, and replace cards immediately if suspicious activity appears. They also urge companies using AI coding systems to conduct thorough security testing before deploying software online.

Read also: US-Iran Tensions Spark Uptick in Oil Prices Amid Global Market Decline