A listing on a hacker forum claims access to thousands of payment records, including card numbers and security codes. Experts warn users to act immediately to protect their accounts from fraud and unauthorized charges.

A threat actor on a well-known hacker forum is claiming to be selling a database containing 200,000 payment card records, allegedly tied to American Express users.

Researchers at Cybernews dug into the data sample provided with the listing and found 27 records containing extensive financial data, including:

• Full credit card numbers
• CVVs
• PIN codes
• Card expiration dates
• Balances
• Cardholder names
• Home addresses

Despite the seller’s claim, the data isn’t exclusive to American Express. The sample includes cards issued by Visa and Mastercard, hinting that the dataset may be stitched together from multiple breaches or sources.

With no access to the full dataset, the claimed 200,000 records remain unverified.

How could the stolen credit card data be exploited?

What makes this kind of dataset especially dangerous is that it is a ready-to-use fraud kit. With full card details paired with personal information, attackers can commit financial fraud and identity theft.

Stolen data like this can be rapidly monetized by exploiting credit card data. It can also be resold across underground markets or used in targeted scams that feel alarmingly legitimate to the victim.

Cybernews previously reported on a case in which scammers posed as Wise support staff. They used the victim's real name, phone number, and credit card details to sound extremely convincing.

How does this kind of data end up for sale?

Large collections of payment data rarely come from a single leak. More often, they’re the result of multiple weak points lining up in the worst possible way.

One common entry point is compromised e-commerce platforms. If companies store payment data improperly, especially without encryption, attackers can, after compromising a single platform, walk away with massive volumes of sensitive information. Misconfigured databases left exposed online can have the same effect.

Infostealer malware is another major pipeline. Once it infects a device, it quietly siphons saved credentials, browser autofill data, and sometimes even payment details, bundling them for resale.

Then there’s the human factor. Fake online shops, phishing pages, or direct scams can trick users into handing over their card details without realizing it. One careless click can turn into a permanent entry in a dataset like this.

“Given the scale claimed by the threat actor, it’s more likely the data comes from compromised e-commerce platforms or infostealers,” Cybernews researchers noted.

How to stay safe?

Our researchers advise users to stay vigilant and protect themselves by taking the following steps:

• If you suspect your card details were stolen, contact your bank to replace your compromised credit card.
• Check if your data has been breached on the personal data leak checker.
• Regularly review your bank statements, credit card transactions, and online account activity to quickly identify any unauthorized charges and reduce the impact of a breach.
• Inform your bank regarding any unauthorized transactions.
• Reset the passwords for all accounts associated with the leaked passwords. It is strongly recommended that you select strong, unique passwords that are not reused across multiple platforms. You can use a password generator to create strong passwords.
• Enable multi-factor authentication (MFA) wherever possible. This enhances security by requiring additional verification beyond a password.
• Use password manager software to securely generate and store complex passwords. Password managers mitigate the risk of password reuse across different accounts.
• Consider data removal services to minimize your digital footprint and prevent your personal information from being exposed or sold by data brokers.

---

Unlock more exclusive Cybernews content on YouTube.