ACCORDING to CyberNews, Jerry’s Store, a card-checking service used by cybercriminals, exposed 345,000 stolen payment cards after leaving its server open. The leak occurred because Cursor AI generated flawed code without authentication, leaving an unauthorised open directory that revealed card numbers, names, addresses and security codes. Researchers found that roughly 345,000 payment cards were exposed, with nearly 200,000 marked as invalid and more than 145,000 identified as valid.
The leaked data included card numbers, expiry dates, security codes, names and billing addresses. The report notes this case illustrates how the carding economy is becoming automated and productised, with valid stolen records typically selling on the dark web for about $7 to $18, potentially making the exposed data worth between $1 million and $2.6 million.
The article also highlights related law enforcement activity in other carding ecosystems and emphasises that the breach underscores how cybercriminal platforms can have weak security, with consequences spilling over to victims.