Amazon, Temu, Sam’s Club, Grubhub, Lyft, CountryMax and Elf Cosmetics: Misconfigured Server Run by Hackers Leaks 345,000 Stolen Credit Cards

AI Coding Error Exposes Massive Stolen Credit Card Database

On 16 April, cybersecurity researchers uncovered a misconfigured server linked to Jerry’s Store, a dark web carding marketplace where hackers verify stolen credit cards. The leak stemmed from an AI-assisted coding mistake and revealed the group’s entire database, including 345,000 credit cards, of which 145,000 were active.

The hackers used Cursor, an AI-powered code editor, to build a statistics dashboard. However, the AI generated an unauthenticated open web directory instead of a secure page, exposing the server to public access. Researchers found that Cursor’s lack of safety guardrails allowed the tool to assist in criminal activity without intervention, despite recognizing its use for credit card fraud.

The group tested stolen cards by making small transactions on major platforms, including Amazon (US & JP), Grubhub, Sam’s Club, Temu, Lyft, Elf Cosmetics, and CountryMax. Successful payments confirmed a card’s validity, increasing its dark web value ($7 to $18 per card), with the full dataset potentially worth $2.6 million.

The exposed data included card numbers, security codes, cardholder names, and home addresses. Jerry’s Store, launched in late 2023, appears to be operated by a Chinese-speaking individual, though the server was hosted in Germany, likely via a bulletproof hosting provider to evade detection.

While the incident highlights risks in AI-assisted development, researchers noted that the leak also disrupted criminal operations by exposing their methods. Cursor has not yet responded to the findings.

Source: https://hackread.com/misconfigured-server-hackers-leak-stolen-credit-cards/

Event Logistics Flow cybersecurity rating report: https://www.rankiteo.com/company/elf

Temu cybersecurity rating report: https://www.rankiteo.com/company/temuapp

CountryMax Stores cybersecurity rating report: https://www.rankiteo.com/company/countrymax-stores

Grubhub cybersecurity rating report: https://www.rankiteo.com/company/grubhub-seamless

Amazon cybersecurity rating report: https://www.rankiteo.com/company/amazon

Sam's Club cybersecurity rating report: https://www.rankiteo.com/company/sam's-club

Lyft cybersecurity rating report: https://www.rankiteo.com/company/lyft

"id": "ELFTEMCOUGRUAMASAMLYF1777580773",
"linkid": "elf, temuapp, countrymax-stores, grubhub-seamless, amazon, sam's-club, lyft",
"type": "Cyber Attack",
"date": "4/2026",
"severity": "60",
"impact": "2",
"explanation": "Attack limited on finance or reputation"
{'affected_entities': [{'customers_affected': '345,000 credit card holders',
                        'industry': 'Cybercrime',
                        'location': 'Hosted in Germany (bulletproof hosting)',
                        'name': 'Jerry’s Store',
                        'type': 'Dark web carding marketplace'}],
 'attack_vector': 'Misconfigured Server',
 'data_breach': {'number_of_records_exposed': '345,000',
                 'personally_identifiable_information': 'Yes (names, '
                                                        'addresses)',
                 'sensitivity_of_data': 'High (financial and personally '
                                        'identifiable information)',
                 'type_of_data_compromised': ['Credit card numbers',
                                              'Security codes',
                                              'Cardholder names',
                                              'Home addresses']},
 'date_detected': '2024-04-16',
 'date_publicly_disclosed': '2024-04-16',
 'description': 'Cybersecurity researchers uncovered a misconfigured server '
                'linked to Jerry’s Store, a dark web carding marketplace, due '
                'to an AI-assisted coding mistake. The leak exposed the '
                'group’s entire database, including 345,000 credit cards, of '
                'which 145,000 were active. The hackers used Cursor, an '
                'AI-powered code editor, to build a statistics dashboard, but '
                'the AI generated an unauthenticated open web directory, '
                'exposing the server to public access.',
 'impact': {'data_compromised': '345,000 credit cards (145,000 active)',
            'financial_loss': '$2.6 million (potential dark web value)',
            'identity_theft_risk': 'High (card numbers, security codes, '
                                   'cardholder names, home addresses exposed)',
            'operational_impact': 'Disruption of criminal operations (exposure '
                                  'of methods)',
            'payment_information_risk': 'High (stolen credit card details)',
            'systems_affected': 'Jerry’s Store dark web marketplace server'},
 'initial_access_broker': {'data_sold_on_dark_web': 'Yes (stolen credit card '
                                                    'data)'},
 'investigation_status': 'Ongoing',
 'lessons_learned': 'AI-assisted development tools like Cursor can '
                    'inadvertently facilitate criminal activity due to lack of '
                    'safety guardrails. Misconfigurations in AI-generated code '
                    'can lead to significant data exposures.',
 'motivation': 'Financial gain (credit card fraud)',
 'post_incident_analysis': {'root_causes': 'AI-assisted coding error (Cursor '
                                           'generated unauthenticated open web '
                                           'directory), lack of safety '
                                           'guardrails in AI tool, use of '
                                           'bulletproof hosting to evade '
                                           'detection'},
 'recommendations': 'AI tool developers should implement stricter safety '
                    'guardrails to prevent misuse. Organizations should audit '
                    'AI-generated code for security vulnerabilities and '
                    'enforce secure coding practices.',
 'references': [{'date_accessed': '2024-04-16',
                 'source': 'Cybersecurity Research Report'}],
 'threat_actor': 'Chinese-speaking individual (likely)',
 'title': 'AI Coding Error Exposes Massive Stolen Credit Card Database',
 'type': 'Data Breach',
 'vulnerability_exploited': 'AI-assisted coding error (unauthenticated open '
                            'web directory)'}