Security Operations, AI/ML, Data Security, Threat Intelligence

Hackers accidentally leak database of stolen credit cards due to AI coding error

May 1, 2026

During the time the payment processor handled more than four billion transactions each year, Heartland Payment Systems announced that hackers loaded data-capturing malware onto its systems, which compromised credit and debit card numbers. Responding to the breach ended up costing the company millions of dollars.

A misconfigured server linked to Jerry's Store, a carding market, was discovered on April 16, exposing a database of stolen credit cards. The leak occurred because hackers relied heavily on an AI code editor, leading to an accidental data exposure, with further coverage provided by HackRead.

Hackers utilized an AI-assisted development tool called Cursor to build a statistics dashboard for Jerry's Store. However, the AI generated an unauthenticated open web directory instead of a secure page, inadvertently exposing the server. This allowed unauthorized access to logs detailing the site's construction and the private data of the hackers. The compromised database contained over 145,000 valid credit cards, along with cardholder names, addresses, and security codes, potentially worth up to $2.6 million on the dark web.

The hackers used this server to verify stolen card validity by attempting small transactions on major e-commerce platforms like Amazon and Grubhub. Jerry's Store, launched in late 2023, appears to have hosted its server in Germany, possibly using bulletproof hosting.

Source: HackRead