Dark web marketplace leaks 345,000 credit card records using AI
What's the story
A dark web marketplace, dubbed "Jerry's Store," has inadvertently leaked over 345,000 credit card records. The breach was triggered by the platform's heavy reliance on artificial intelligence (AI) coding tools for its infrastructure. Cybernews researchers discovered an unsecured server linked to Jerry's Store, which allegedly sold stolen payment card information and provided tools for buyers to check if the cards were still active before purchasing.
Risk exposure
Jerry's Store relied on AI coding tool for infrastructure
The leak was caused by the operators of Jerry's Store using AI coding assistants to build their infrastructure, but not securing what these tools generated. The platform's infrastructure was built using Cursor, an AI-powered coding assistant from US software company Anysphere. While Cursor is a legitimate development tool widely used by programmers, its heavy use by the operators for creating backend systems and internal staff dashboards led to problems when vague instructions were given without proper security checks afterward.
Data exposure
Exposed web dashboard accessible through browser
The vague instructions given to the AI system resulted in an exposed web dashboard that was directly accessible through a browser, with no password protection or authentication barriers. Cybernews discovered the server on April 16 and found that sensitive information had been left open to the internet. The leaked data included some 145,000 "valid" payment card records containing full card numbers, expiry dates, CVV security codes, as well as names and billing addresses.
Operational details
Leak provided card verification service for criminals
The exposed platform worked as a card verification service for criminals purchasing stolen payment details online. Instead of just selling untested card data, the system verified whether cards were still active by conducting real-world payment tests through legitimate companies. The operators created fake accounts on platforms such as Amazon, Grubhub, Sam's Club, Temu, Lyft, Elf Cosmetics, and CountryMax to test if the cards remained functional.
Leak investigation
Request to create statistics dashboard led to leak
The leak was traced back to a single request in the operators' chat history with Cursor. One of the administrators had asked the AI system to generate a statistics dashboard, which it did, but was later deployed online without any security protections. Cybernews said this case highlights how AI tools like Cursor can lead to accidental data leaks even when used for legitimate purposes by developers.