Cybersecurity experts have uncovered a credit card breach that threatens to disrupt Christmas shopping for millions of Americans.
Leakd.com researchers found an unprotected ‘S3 bucket’ on Amazon Web Services (AWS) that had been utilized in a phishing scam. Surprisingly, the cybercriminals responsible for the scheme had left it accessible on the internet.
Usually, an S3 bucket serves as a digital directory where businesses can secure customer information. In this case, however, the exposed bucket contained sensitive data such as credit card numbers, names, addresses, and email addresses of five million individuals who had been deceived by a fraudulent company’s fake offers, which included a supposed free iPhone.
Security experts are advising affected individuals to immediately contact their financial institutions. The compromised data exposes them to imminent risks of fraudulent activities, unauthorized charges, and potential identity theft.
While the party or parties responsible for this trove of scammed credit card information remains unknown, Amazon’s AWS Abuse team is now investigating.
Leaked.com said the culprits were likely involved in a phishing scam: a social engineering hack in which criminals use emails, phone calls or even fake websites posing as a reputable company to trick someone into giving up key personal data.
‘While it’s unknown how long this data has been online, it’s now threatening to disrupt the holiday shopping season for potential victims as well,’ the tech site’s cybersecurity researchers warned.
An unsecure Amazon cloud storage page has left critical personal data tied to nearly 5 million US credit cards exposed to malicious actors anywhere out on the open web. Above, one of 44 million screenshots with sensitive data [redacted for publication] discovered by Leakd.com Â
The team at Leakd.com noted that this particular phishing scam involved many fake offers to ‘Win an iPhone 14’ from a company called ‘Braniacshop.’
‘On the dark web, an average credit card, complete with associated details, is worth approximately $17,’ the researchers noted.Â
‘[So] with an estimated 5 million unique US credit and debit cards exposed in this breach, the potential monetary value of the stolen data exceeds $85 million.’Â
Leakd.com’s cybersecurity experts said the holiday season is a particularly good time to be mindful of fake giveaways and wary of heavily discounted holiday giftsÂ
‘Millions of Americans,’ they noted, ‘may find their Christmas at risk.’
The first thing you will want to do is start to actively monitor your credit card, online banking and other key financial statements for signs of suspicious activity.
Notify your bank, credit card provider or other service if you notice anything out of the ordinary as soon as possible, so that they can freeze use of any affected card.Â
Experts said the culprits were likely involved in a phishing scam: a social engineering hack in which criminals use an email, phone call or even a fake website pretending to be from a reputable company to trick someone into giving up key personal data. Above: a credit cardÂ
The team at Leakd.com noted that this particular phishing scam involved many fake offers to ‘Win an iPhone 14’ from a company called ‘Braniacshop.’
If you want to be proactive, many financial services offer the option to set up ‘fraud alerts’ that can help take care of this step amid your busy life.
Implementing a proactive ‘credit freeze’ can also help prevent cases where a scammer takes out loans in your name from financial firms that you might not even have been aware were out there, offering loans or other lines of credit.Â
There’s no time like the present to also set-up added security measures that have already long become the security industry standard, like multi-factor authentication, longer passphrases over passwords and encrypted password managers.Â
Investing in any one of the best reviewed identity theft protection services never hurts, particularly with many offering insurance that can restore money lost to fraud and reverse illicit purchases.Â
These services are especially useful if you are sharing a household or bank accounts with a loved one — at teen, an elderly parent or a spouse who is not especially street smart or tech savvy.