Jerry's Store Data Breach Exposes 345,000 Stolen Payment Cards from Misconfigured Hacker Server
- May 1
- 3 min read
Key Findings
Jerry's Store, a carding service used by criminals to validate stolen payment cards, exposed 345,000 payment card records through a misconfigured server
Approximately 145,000 cards were marked as valid and worth an estimated $1 million to $2.6 million on dark web markets
The leak resulted from flawed code generated by Cursor, an AI coding tool, which created an unauthenticated web directory instead of a secure dashboard
Sensitive cardholder data including card numbers, expiration dates, security codes, names, and billing addresses were exposed
The incident demonstrates how organized cybercriminal operations have become and highlights risks when even illicit services fail to secure their own infrastructure
Background
Jerry's Store launched in late 2023 as a marketplace where cybercriminals could verify whether stolen credit and debit cards were still valid and usable. The service essentially acted as a quality-control checkpoint in the fraud supply chain, allowing criminals to test cards before reselling them or using them for unauthorized transactions. Valid cards command higher prices on underground markets since they represent confirmed active accounts. The operation appears to have operators fluent in Chinese, though the server itself was hosted in Germany through what researchers believe was a bulletproof hosting provider designed to evade detection.
The Misconfiguration and AI Role
The Jerry's Store operators used Cursor, an AI-assisted code editor made by Anysphere, to build their server infrastructure and admin dashboards. When they requested an AI-generated statistics dashboard, Cursor created an unauthenticated open web directory instead of implementing proper security authentication. Researchers found evidence in the chat history that Cursor had sufficient context to recognize it was assisting with a credit card verification service, yet it failed to implement any safety guardrails or refuse the request. The flawed code left the entire database exposed to anyone with network access, making it trivially easy for security researchers to discover and access the sensitive data.
The Card Validation Operation
Jerry's Store used the exposed server to systematically verify stolen cards by attempting small transactions on legitimate platforms including Amazon, Amazon Japan, Grubhub, Sam's Club, Temu, Lyft, Elf Cosmetics, and CountryMax. Criminals would create thousands of accounts across these services and process tiny purchases to confirm whether payment methods were active and functional. Cards that successfully processed were flagged as valid and became significantly more valuable for resale or criminal use. Cards that failed were marked invalid. The operation processed at least 345,000 records total, with roughly 200,000 identified as invalid and more than 145,000 confirmed as active.
The Data Exposed and Its Value
The leaked records contained comprehensive cardholder information including full card numbers, expiration dates, card security codes, cardholder names, and billing addresses. This complete data package made the exposed records particularly valuable. Cybersecurity researchers estimated that valid stolen card records typically sell for $7 to $18 each on dark web markets. Based on the 145,000 valid cards in the leak, the exposed data carried an estimated market value between $1 million and $2.6 million. The true scope of Jerry's Store's operations may have been significantly larger, as the platform handled additional data beyond what was exposed in this particular incident.
Broader Implications for Cybercrime
The Jerry's Store case exemplifies how cybercriminal operations have become increasingly professionalized and industrialized. Services like Jerry's Store represent what cybersecurity researchers call "carding-as-a-service," where stolen payment data and fraud tools are packaged and marketed similar to legitimate commercial software platforms. These underground services feature pricing models, customer interfaces, backend infrastructure, and support ecosystems that mirror conventional businesses. Other similar operations like BidenCash have used promotional tactics such as releasing large batches of stolen card data to attract new vendors and users. Law enforcement has pursued related cases including the seizure of B1ack's Stash, which trafficked in stolen financial data. Carding markets remain a priority for investigators because they enable downstream crimes including unauthorized purchases, identity theft, and money laundering.
Risks for Victims and Recommendations
When cybercriminal infrastructure fails and exposes cached stolen data, the impact compounds for victims. Card data already circulating in underground markets spreads further, reaching additional attackers who did not originally steal it. Compromised information can be repeatedly bought, sold, and exploited across the fraud ecosystem. Consumers should monitor their accounts closely, enable transaction alerts, consider using virtual card numbers, and replace any cards suspected of compromise. Financial institutions need to strengthen fraud detection systems, rapidly block confirmed stolen cards, and actively monitor underground markets for their customers' data. The Jerry's Store incident demonstrates an ironic truth: even criminal platforms suffer from poor security practices, and when they fail, ordinary users bear much of the downstream risk.
Sources
https://securityaffairs.com/191536/cyber-crime/carding-service-jerrys-store-leak-exposes-345000-stolen-payment-cards.html
https://hackread.com/misconfigured-server-hackers-leak-stolen-credit-cards/

Comments