Five million payment card details stolen in painful reminder to watch Christmas spending.

There was an online repository of screenshots where victims filled out their payment card details online that was publicly accessible.

This time, personal information and five million US credit cards were exposed online. The security team at Leakd.com found that a publicly available Amazon S3 bucket had 5 terabytes of private screenshots.

Similar to a virtual file folder in the cloud, an S3 bucket allows you to store a variety of data kinds, including text files, photos, videos, and more. An S3 bucket may hold an unlimited amount of data, while individual instances can have a maximum size of 5 TB.

Although it's evident from the screenshots that this is a phishing attempt and that the credit and debit card information was precisely what they were looking for, we don't know who is responsible for this particular breach. Even so, they most likely had no intention of making it public.

The AWS Abuse team started an inquiry based on the information Leakd gave, but regrettably, it is more difficult to close the hole when one does not know who released the data.

Five terabytes of screenshots of victims entering their information on websites offering "free iPhones" and steeply discounted holiday goods are included in the hacked data.

Organized screenshots taken from victims’ computers

Image courtesy of Leakd.com

Looking at how those screenshots are organized, there are two possible sources.

Numerous information thieves are able to take screenshots and label them in a way that makes it easier for the attackers to locate and arrange the stolen material.
Phishing through websites designed specifically for this purpose. Based on the screenshots' content, this appears to be the most likely situation.

As Leakd.com describes it:

“The leaked screenshots often featured instances of users entering personal and financial details into seemingly innocent promotional forms.”

Redacted example of an online phishing form Image courtesy of Leakd.com

What do I need to do?

Stolen payment card details are bad enough, as they can be used for financial fraud, identity theft, and cause privacy issues.

The timing just weeks before Christmas makes it even worse. It is hard enough to keep track of your own spending for some of us, let alone when a criminal decides to spend some of our money. And having to cancel your payment card because someone else might use it is most inconvenient right now.

But if you suspect that your payment card details have been stolen, these are the recommended actions:

Check your card and account statements frequently, and report any unusual activity to your bank.
Set up fraud alerts with your bank or credit card company whenever you can.
If you haven't already, change your password and turn on multi-factor authentication.
To prevent someone from opening new accounts in your name, freeze your credit.

If you don’t want to become a victim of these cybercriminals:

Avoid being phished if you don't want to fall victim to these online thieves. Recognize the warning signs and avoid answering unwanted texts and emails.
Avoid websites that promise deals that seem too good to be true.
Make use of web security software such as Malwarebytes Browser Guard. It alerts you to credit card skimmers and dangerous websites that steal your personal data.