{"id":25591,"date":"2024-12-17T09:10:04","date_gmt":"2024-12-17T17:10:04","guid":{"rendered":"https:\/\/www.palada.net\/index.php\/2024\/12\/17\/news-19320\/"},"modified":"2024-12-17T09:10:04","modified_gmt":"2024-12-17T17:10:04","slug":"news-19320","status":"publish","type":"post","link":"https:\/\/www.palada.net\/index.php\/2024\/12\/17\/news-19320\/","title":{"rendered":"5 million payment card details stolen in painful reminder to monitor Christmas spending"},"content":{"rendered":"\n<p>Another day, <a href=\"https:\/\/www.malwarebytes.com\/blog\/news\/2024\/12\/4-8-million-healthcare-records-left-freely-accessible\">another exposed S3 bucket<\/a>.<\/p>\n<p>This time, 5 million US credit cards and personal details were leaked online. The <a href=\"https:\/\/leakd.com\/leaks\/christmas-at-risk-for-millions-of-americans-as-credit-card-details-leaked\/\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">Leakd.com<\/a> security team discovered that 5 terabytes of sensitive screenshots were exposed in a freely accessible Amazon S3 bucket.<\/p>\n<p>An S3 bucket is like a virtual file folder in the cloud where you can store various types of data, such as text files, images, videos, and more. There is no limit to the amount of data you can store in an S3 bucket, and individual instances can be up to 5 TB in size.<\/p>\n<p>In this case we don\u2019t know who\u2019s behind the leak, although it seems clear from the screenshots that it\u2019s a phishing operation and the credit and debit card information was exactly the data they were after. Although they probably didn\u2019t intend to share it with the whole world.<\/p>\n<p>Unfortunately, not knowing who left the data exposed makes it harder to plug the hole, but the AWS Abuse team initiated an investigation based on the information provided by Leakd.<\/p>\n<p>The leaked information contains 5 terabytes of screenshots where victims filled out their details on websites that offered \u201cfree iPhones\u201d and heavily discounted holiday gifts.<\/p>\n<figure class=\"wp-block-image aligncenter size-full\"><img decoding=\"async\" loading=\"lazy\" width=\"763\" height=\"731\" src=\"https:\/\/www.malwarebytes.com\/wp-content\/uploads\/sites\/2\/2024\/12\/3333.png\" alt=\"Organized screenshots taken from victims\u2019 computers\" class=\"wp-image-146322\" \/><figcaption class=\"wp-element-caption\">Image courtesy of Leakd.com<\/figcaption><\/figure>\n<p>Looking at how those screenshots are organized, there are two possible sources.<\/p>\n<ul>\n<li>Information stealers, many infostealers are capable of taking screenshots and naming them in a way that helps the attackers track and organize the stolen data.<\/li>\n<li>Phishing using websites that were especially set up for this task. This seems to most likely scenario, because of the content of the screenshots.<\/li>\n<\/ul>\n<p>As Leakd.com describes it:<\/p>\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p>\u201cThe leaked screenshots often featured instances of users entering personal and financial details into seemingly innocent promotional forms.\u201d<\/p>\n<\/blockquote>\n<figure class=\"wp-block-image aligncenter size-full\"><img decoding=\"async\" loading=\"lazy\" width=\"288\" height=\"512\" src=\"https:\/\/www.malwarebytes.com\/wp-content\/uploads\/sites\/2\/2024\/12\/cc4.png\" alt=\"Redacted example of an online phishing form\" class=\"wp-image-146323\" \/><figcaption class=\"wp-element-caption\">Image courtesy of Leakd.com<\/figcaption><\/figure>\n<h2 class=\"wp-block-heading\" id=\"h-what-do-i-need-to-do\">What do I need to do?<\/h2>\n<p>Stolen payment card details are bad enough, as they can be used for financial fraud, identity theft, and cause privacy issues.<\/p>\n<p>The timing just weeks before Christmas makes it even worse. It is hard enough to keep track of your own spending for some of us, let alone when a criminal decides to spend some of our money. And having to cancel your payment card because someone else might use it is most inconvenient right now.<\/p>\n<p>But if you suspect that your payment card details have been stolen, these are the recommended actions:<\/p>\n<ul>\n<li>Regularly check account and card statements and notify your bank about any suspicious activity.<\/li>\n<li>Where possible, set up fraud alerts with your bank or payment card provider.<\/li>\n<li>Change the password and enable <a href=\"https:\/\/www.malwarebytes.com\/glossary\/multi-factor-authentication-mfa\">multi-factor authentication<\/a> if you haven\u2019t already.<\/li>\n<li>Freeze your credit so nobody can open any new accounts in your name.<\/li>\n<\/ul>\n<p>If you don\u2019t want to become a victim of these cybercriminals:<\/p>\n<ul>\n<li>Don\u2019t get <a href=\"https:\/\/www.malwarebytes.com\/phishing\">phished<\/a>. Be aware of the signs and don\u2019t respond to unsolicited emails and texts.<\/li>\n<li>Shy away from sites making too-good-to-be-true offers.<\/li>\n<li>Use web protection like <a href=\"https:\/\/www.malwarebytes.com\/browserguard\">Malwarebytes Browser Guard<\/a>. It flags malicious websites and credit card skimmers that steal your information.<\/li>\n<\/ul>\n<hr class=\"wp-block-separator has-alpha-channel-opacity is-style-wide\" \/>\n<p><strong>We don&#8217;t just report on threats &#8211; we help safeguard your entire digital identity<\/strong><\/p>\n<p>Cybersecurity risks should never spread beyond a headline. Protect your\u2014and your family&#8217;s\u2014personal information by using <a href=\"https:\/\/www.malwarebytes.com\/identity-theft-protection\">identity protection<\/a>.<\/p>\n<p><a href=\"https:\/\/www.malwarebytes.com\/blog\/news\/2024\/12\/5-million-payment-card-details-stolen-in-painful-reminder-to-monitor-christmas-spending\" target=\"bwo\" >https:\/\/blog.malwarebytes.com\/feed\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p> An online repository of screenshots where victims filled out their payment card details online was publicly accessible. <\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10488,10378],"tags":[32229,32,32230,5897,32231],"class_list":["post-25591","post","type-post","status-publish","format-standard","hentry","category-malwarebytes","category-security","tag-free-iphone","tag-news","tag-payment-cards","tag-privacy","tag-promotional-websites"],"_links":{"self":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/25591","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=25591"}],"version-history":[{"count":0,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/25591\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=25591"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=25591"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=25591"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}