Cybersecurity experts have uncovered a credit card breach that threatens to disrupt Christmas shopping for millions of Americans.
Researchers at Leakd.com uncovered an unsecured Amazon Web Services (AWS) 'S3 bucket' that was used in a phishing scheme, yet the criminals left it open online.
An S3 bucket is a virtual folder for companies to store customer data, but this instance held the credit card details, names, addresses and emails of five million people who fell victim to a fake company's fake promotions, including a free iPhone.
Experts urged the public to contact their financial service providers as the exposed data poses immediate threats of fraud, unauthorized transactions, and identity theft.
While the party or parties responsible for this trove of scammed credit card information remain unknown, Amazon's AWS Abuse team is now investigating.
Leakd.com said the culprits were likely involved in a phishing scam: a social engineering hack in which criminals use emails, phone calls or even fake websites posing as a reputable company to trick someone into giving up key personal data.
'While it's unknown how long this data has been online, it's now threatening to disrupt the holiday shopping season for potential victims as well,' the tech site's cybersecurity researchers warned.
An unsecured Amazon cloud storage page has left critical personal data tied to nearly 5 million US credit cards exposed to malicious actors anywhere on the open web. [Image: one of 44 million screenshots with sensitive data, redacted for publication, discovered by Leakd.com]
The team at Leakd.com noted that this particular phishing scam involved many fake offers to 'Win an iPhone 14' from a company called 'Braniacshop.'
'On the dark web, an average credit card, complete with associated details, is worth approximately $17,' the researchers noted.
'[So] with an estimated 5 million unique US credit and debit cards exposed in this breach, the potential monetary value of the stolen data exceeds $85 million.'
Leakd.com's cybersecurity experts said the holiday season is a particularly good time to be mindful of fake giveaways and wary of heavily discounted holiday gifts.
'Millions of Americans,' they noted, 'may find their Christmas at risk.'
The first thing you will want to do is start to actively monitor your credit card, online banking and other key financial statements for signs of suspicious activity.
Notify your bank, credit card provider or other service if you notice anything out of the ordinary as soon as possible, so that they can freeze use of any affected card.
If you want to be proactive, many financial services offer the option to set up 'fraud alerts' that can help take care of this step amid your busy life.
Implementing a proactive 'credit freeze' can also help prevent cases where a scammer takes out loans or other lines of credit in your name from financial firms that you might not even have been aware of.
There's no time like the present to also set up added security measures that have long been the security industry standard, like multi-factor authentication, longer passphrases over passwords and encrypted password managers.
Investing in any one of the best-reviewed identity theft protection services never hurts, particularly with many offering insurance that can restore money lost to fraud and reverse illicit purchases.
These services are especially useful if you are sharing a household or bank accounts with a loved one: a teen, an elderly parent or a spouse who is not especially street smart or tech savvy.