Massive Credit Card Leak Discovered by LEAKD.COM
Table of Contents
- Published: Jan 02, 2025
- Last Updated: Jan 15, 2025
Recently, the security team at LEAKD.COM discovered that about 5 million United States credit cards and users’ personal details had been leaked online. This discovery came about when the security team found 5 terabytes of sensitive data exposed on an unsecured Amazon S3 bucket, a cloud storage service provided by Amazon Web Services that is used to store customer information.
According to the security team at LEAKD.COM, the party responsible for this credit card leak/breach remains unknown. However, a preliminary investigation by the team reveals the incident appears to have come from a phishing operation in which unsuspecting individuals provided confidential details on promotional forms for fake offers.
Further scrutiny of the five terabyte screenshots on the Amazon S3 bucket revealed that heavily discounted holiday (Christmas) gifts or a free iPhone were used to induce unsuspecting consumers to provide their credit card details. Unknowingly to the affected customers, sensitive data, including their full names, billing addresses, credit card details, phone numbers, and email addresses, was being harvested and stored by the scammers. All of these happened without malware deployment or hacking into consumers’ computers or phones.
When Was the Credit Card Data Leak?
The credit card details leak in the United States was discovered in December 2024 by the security team at LEAKD.COM. Although the details of the incident are still sketchy and the party behind the leak remains largely unknown, the Amazon Web Services (AWS) Abuse team has launched an investigation to unravel the mystery based on information provided by LEAKD.COM.
How to Check If Your Data Was Leaked
To check if your credit card information and personal details were exposed due to the 2024 credit card leak, you may employ the services of a data leak checker like HaveIBeenPwned. Typically, once you enter your email address, a data leak checker will let you know if your email address or other data that is supposed to be private, including credit card credentials, has shown up online. Alternatively, you may review your credit card accounts for unusual charges. Any suspicious charges may indicate that you were affected by the credit card leak.
What to Do If Your Credit Card Data Was Leaked
If you suspect your credit card credentials may have been compromised in the credit card leak, you should consider enabling fraud alerts with your credit card provider if you have not already done so. Also, make it a habit to regularly review your bank statements for signs of fraud and immediately report any suspicious activity on your credit card to your bank or credit card provider.
Furthermore, beware of unsolicited communications, either through email or text messages, requesting you to provide certain financial or personal information. You may also have to update the passwords for all accounts tied to your credit card and enable multi-factor authentication where possible. It is also important to freeze your credit to prevent scammers from opening new accounts in your name if you strongly believe your information may have been compromised in the credit card leak.
Are There Any Lawsuits Because of the Credit Card Data Leak?
Not yet. The credit card data leak is still a developing case, as investigations are ongoing to identify those behind the incident. No lawsuit has been filed in relation to this incident.
Can My Credit Card Information Be Used for Identity Theft?
Yes. Besides using your leaked credit card credentials for unauthorized purchases, scammers may also use personal information obtained to commit identity theft. For instance, scammers may impersonate you and use such details to open accounts and take out loans in your name. In addition, they may put up such information for sale on the dark web for other cybercriminals to use in all kinds of cyber attacks.
What Can You Do to Protect Yourself Online?
If you believe your credit card information was exposed in the credit card leak, the following are some of the things you may do to further protect yourself and sensitive data online:
- Change the passwords for all online accounts linked to your credit cards. Ensure to use strong passwords that cannot be predicted or guessed. Long characters containing a mix of letters, special characters, and numbers are usually recommended.
- Be cautious of the kind of information you share online. Generally, the less information you put online, the more challenging it becomes for cybercriminals to steal your data. Also, scammers are unlikely to be able to figure out your passwords when you share fewer and non-personal information online.
- Register for a credit monitoring service that may help you monitor your credit information and alert you when any changes are made to your credit reports, inquiries are made to your credit file, or new loans are opened in your name.
- Avoid using free, public Wi-Fi, especially if you are likely to enter your credit card details and personally identifying information. The use of a secure, password-protected home network cannot be overemphasized if you do not want your credit card whipped out.
- Always confirm that a site is secure before entering any personal or financial information. A secure site generally starts with “https” and has a lock symbol on the webpage.
- Enable two-factor authentication (2FA) on your online accounts (where possible) for additional security.
- Stay abreast of scammers’ tactics and equip yourself with cybersecurity knowledge by constantly learning with resources offered by sites like IDStrong.
- Beware of malicious actors that constantly attempt to compromise your privacy online through endless phishing attempts. Avoid opening suspicious links or attachments in emails or text messages that appear to be from trusted sources but are only trying to trick you into providing valuable personal or financial information.
