AI Fraud Site Exposes 345K Cards Due to AI Code Error

A criminal marketplace, Jerry's Store, accidentally exposed details for 345,000 payment cards. This happened because the site used flawed AI-generated code for its systems. The exposed data included names, card numbers, billing addresses, expiry dates, and security codes. An unsecured server was left open on the internet. Researchers estimate this leaked data could be worth millions on underground markets. The platform's operators used an AI coding assistant called Cursor to build their server infrastructure. The problem began when they asked the AI tool to create a statistics dashboard. The AI then generated an open web directory without password protection. The exposed database contained nearly 200,000 invalid payment cards and over 145,000 active, usable cards. These valid stolen cards typically sell for between $7 and $18 each. This puts the total value of the exposed data between $1 million and $2.6 million. Fraudsters tested stolen cards by making small payments on legitimate platforms like Amazon and Lyft. Successful transactions meant the cards were valid and could then be sold. These low-value transactions are hard to detect. This incident highlights the growing risks of relying too much on AI-generated code without human oversight. It's crucial for consumers to monitor bank statements and for companies to rigorously test AI-generated code.