Dark web marketplace leaks 345,000 credit card records using AI Newspoint  |  2026-05-08 20:39:40


Dark web marketplace leaks 345,000 credit card records using AI
08 May 2026


A dark web marketplace, dubbed "Jerry's Store," has inadvertently leaked over 345,000 credit card records.


The breach was triggered by the platform's heavy reliance on artificial intelligence (AI) coding tools for its infrastructure.


Cybernews researchers discovered an unsecured server linked to Jerry's Store, which allegedly sold stolen payment card information and provided tools for buyers to check if the cards were still active before purchasing.


Jerry's Store relied on AI coding tool for infrastructure
Risk exposure


The leak was caused by the operators of Jerry's Store using AI coding assistants to build their infrastructure, but not securing what these tools generated.


The platform's infrastructure was built using Cursor, an AI-powered coding assistant from US software company Anysphere.


While Cursor is a legitimate development tool widely used by programmers, its heavy use by the operators for creating backend systems and internal staff dashboards led to problems when vague instructions were given without proper security checks afterward.


Exposed web dashboard accessible through browser
Data exposure


The vague instructions given to the AI system resulted in an exposed web dashboard that was directly accessible through a browser, with no password protection or authentication barriers.


Cybernews discovered the server on April 16 and found that sensitive information had been left open to the internet.


The leaked data included some 145,000 "valid" payment card records containing full card numbers, expiry dates, CVV security codes, as well as names and billing addresses.


Leak provided card verification service for criminals
Operational details


The exposed platform worked as a card verification service for criminals purchasing stolen payment details online.


Instead of just selling untested card data, the system verified whether cards were still active by conducting real-world payment tests through legitimate companies.


The operators created fake accounts on platforms such as Amazon, Grubhub, Sam's Club, Temu, Lyft, Elf Cosmetics, and CountryMax to test if the cards remained functional.


Request to create statistics dashboard led to leak
Leak investigation


The leak was traced back to a single request in the operators' chat history with Cursor.


One of the administrators had asked the AI system to generate a statistics dashboard, which it did, but was later deployed online without any security protections.


Cybernews said this case highlights how AI tools like Cursor can lead to accidental data leaks even when used for legitimate purposes by developers.

Read more
Major accident in Gujarat Titans team bus after IPL final, players narrowly escaped
Tezzbuzz
The unsung hero of RCB’s victory, who made the flop team the champion behind the scenes
Tezzbuzz
RCB shines! Unique style of Virat Kohli and Anushka Sharma, left laughing after reading on IPL 2026 trophy
Tezzbuzz
Another NEET student commits suicide, father of only child shares his pain
Tezzbuzz
Nagendra Nath Tripathi: Who is Nagendra Nath Tripathi? To whom BJP handed over this important responsibility
Tezzbuzz
Order to Rabri Devi to Vacate Official Bungalow: RJD Attacks NDA Government
Tezzbuzz
Birthday Special: Sonakshi Sinha’s debut and hit films…
Tezzbuzz
KSI steps away from popular British group Sidemen after 13 Years
Tezzbuzz
Share Market Crash: The Sensex plummeted 543 points, the Nifty slipped below 23,400; investors lost billions of rupees. Outcry in the stock market! Sensex fell 543 points, Nifty slipped below 23,400; Billions of rupees lost by investors – ..
Tezzbuzz
Toyota Fortuner New Generation: When will the new generation Fortuner be launched in India? Know what will be the big changes
Tezzbuzz