A threat actor's misconfigured server, resulting from an AI-generated coding error in a Cursor-built dashboard, inadvertently exposed an open web directory containing a database of over 145,000 stolen credit cards. The unauthenticated directory allowed unauthorized access to the card data, including cardholder details and security codes, as well as logs detailing the hackers' operations and card validation methods. The incident highlights the operational security risks introduced by over-reliance on AI coding tools without proper security review and validation.
Security Operations , AI/ML , Data Security , Threat Intelligence Hackers accidentally leak database of stolen credit cards due to AI coding error May 1, 2026 Share By SC Staff A misconfigured server linked to Jerry's Store, a carding market, was discovered on April 16, exposing a database of stolen credit cards. The leak occurred because hackers relied heavily on an AI code editor, leading to an accidental data exposure, with further coverage provided by HackRead. Hackers utilized an AI-assisted development tool called Cursor to build a statistics dashboard for Jerry's Store. However, the AI generated an unauthenticated open web directory instead of a secure page, inadvertently exposing the server. This allowed unauthorized access to logs detailing the site's construction and the private data of the hackers. The compromised database contained over 145,000 valid credit cards, along with cardholder names, addresses, and security codes, potentially worth up to $2.6 million on the dark web. The hackers used this server to verify stolen card validity by attempting small transactions on major e-commerce platforms like Amazon and Grubhub. Jerry's Store, launched in late 2023, appears to have hosted its server in Germany, possibly using bulletproof hosting. Source: HackRead An In-Depth Guide to AI Get essential knowledge and practical strategies to use AI to better your security program. Learn More SC Staff Related Security Operations State cybersecurity leaders discuss prioritizing security upgrades SC Staff May 1, 2026 During a National Association of State Chief Information Officers conference, officials like Rex Menold, Michigan's chief security officer, shared that agencies, not central IT, often decide on security priorities. Security Operations OpenAI enhances ChatGPT security with YubiKey partnership SC Staff May 1, 2026 OpenAI's new Advanced Account Security program, available to all ChatGPT users, includes a partnership with Yubico to integrate phishing-resistant security keys. Security Operations Lawmakers consider standalone critical infrastructure status for data centers SC Staff May 1, 2026 Lawmakers on the House Homeland Security Subcommittee on Cybersecurity and Infrastructure Protection are considering whether data centers should be recognized as a distinct critical infrastructure sector. Get daily email updates SC Media's daily must-read of the most current and pressing daily news Business Email By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy . Subscribe Related Terms Account Harvesting Black Hat Block Cipher Distributed Scans Domain Hijacking Drive-by Download DumpSec Google Hacking Hybrid Attack Morris Worm You can skip this ad in 5 seconds