Jerry’s Store Exposed 345,000 Stolen Credit Cards via AI-Coded Dashboard
Jerry’s Store, a carding marketplace used to verify stolen payment cards, exposed roughly 345,000 credit card records after a misconfigured server left an unauthenticated web directory publicly accessible. Reporting indicates the operators used the AI-assisted coding tool Cursor to build a statistics dashboard, but the generated implementation exposed logs, development details, and sensitive cardholder data instead of restricting access. The leaked records included card numbers, expiration dates, CVV values, names, and addresses; about 145,000 cards were marked valid and nearly 200,000 invalid, with the valid inventory alone estimated to be worth $1 million to $2.6 million on dark-web markets.
The exposed infrastructure also revealed how the marketplace tested stolen cards through small, low-risk transactions at legitimate merchants including Amazon, Temu, Lyft, Grubhub, Sam’s Club, Elf Cosmetics, and CountryMax. Researchers said Jerry’s Store launched in late 2023, primarily targeted victims in the US and EU, and may be run by a Chinese-speaking administrator using infrastructure hosted in Germany, possibly through a bulletproof hosting provider. The server was reportedly discovered on April 16, and the leak offered an unusual view into both the marketplace’s stolen-card inventory and its operational methods.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
5 events from the most recent confirmed update back to the earliest known activity.
Instructure discloses cybersecurity incident and begins impact review
Instructure disclosed a cybersecurity incident and said it was investigating the scope and potential impact, including whether its Canvas platform was affected. The available references do not provide further technical details or a specific incident date beyond publication timing.
Reports reveal Jerry's Store used merchants to validate stolen cards
Researchers reported that Jerry's Store tested stolen cards through small, low-risk transactions on legitimate platforms including Amazon, Temu, Lyft, Grubhub, Sam's Club, Elf Cosmetics, and CountryMax. This activity was tied to the same exposed infrastructure.
Researchers link exposure to AI-generated dashboard code
Analysis of the exposed infrastructure indicated the operators had used Cursor to build a statistics dashboard, and the generated implementation created an unauthenticated open web directory. The leak also exposed development logs and operator-related private data.
Jerry's Store exposes stolen card database via misconfigured server
A server tied to Jerry's Store was discovered publicly exposing data on roughly 345,000 stolen payment cards, including about 145,000 marked valid and nearly 200,000 marked invalid. The exposed records included card numbers, expiration dates, CVVs, names, and addresses.
Jerry's Store carding marketplace launches
Jerry's Store, a marketplace used to verify and sell stolen payment cards, began operating in late 2023. Reporting indicates it primarily targeted victims in the US and EU and used infrastructure hosted in Germany.
Related entities
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
Sources
2 references tracked. Mallory keeps watching after this page renders.
See the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
B1ack’s Stash Dumps 4.6 Million Stolen Credit Card Records
Dark web carding marketplace **B1ack’s Stash** released about **4.6 million stolen credit card records** for free after accusing some sellers of reselling data purchased on its platform through rival shops. The forum said it removed roughly **8 million `CVV2` records** from active inventory and moved 4.6 million into its freebies section, while allowing some trusted sellers to seek reinstatement through support channels. Reporting cited by SC Media and analysis from SOCRadar indicate the exposed dataset is largely authentic, with about **4.3 million records** assessed as fresh after excluding duplicates, expired cards, and previously known entries. The leaked records reportedly include full payment card data along with extensive personally identifiable information, including names, billing addresses, email addresses, phone numbers, and IP addresses. Researchers said the breadth of the data suggests collection through **e-skimming** or **phishing**, and warned of immediate risks including card-not-present fraud, identity theft, targeted phishing, and credential abuse. Most affected cards are tied to the **United States**, with significant exposure also reported in **Canada, the United Kingdom, France, and Malaysia**, underscoring the international scope of the breach and B1ack’s Stash’s continued use of free data dumps to build notoriety in the cybercrime market.
May 24, 2026
Carding Mafia Forum Breached Twice, Exposing Nearly 600,000 Criminal Marketplace Accounts
The cybercrime forum **Carding Mafia**, which was used for the theft and trading of stolen credit cards, suffered two separate data breaches in 2021 that together exposed records tied to nearly **600,000 member accounts**. One breach in **March 2021** affected nearly 300,000 members, while a second breach in **December 2021** exposed more than 300,000 more, showing repeated compromise of the same criminal platform within nine months. Across the two incidents, the leaked data included **email addresses, usernames, IP addresses, and passwords hashed with salted `MD5`**. Both breaches were classified as **sensitive** and were not made publicly searchable by Have I Been Pwned, but the disclosures highlight that even illicit forums can become sources of credential exposure, infrastructure intelligence, and attribution data for defenders and investigators.
Mar 27, 2026
Technical Infrastructure of Carding Markets Exposed by New Research
Recent research has uncovered the technical infrastructure supporting underground carding markets, identifying 28 unique IP addresses and 85 domains actively hosting illegal platforms for trading stolen credit card data. These marketplaces function as sophisticated e-commerce sites, with criminals selling payment card information for prices ranging from $5 to $150 per card, depending on credit limits and associated identity details. Investigators used internet-wide scanning techniques, focusing on HTTP and HTTPS title banners, to detect servers advertising carding-related keywords before they could be hidden behind services like Cloudflare. The analysis revealed that these operations frequently use top-level domains such as .su, .cc, and .ru, exploiting their loose registration policies and jurisdictional challenges to maintain operational security. The research, conducted between July and December 2025, provided law enforcement with actionable intelligence, including login pages and forum landing pages for carding sites, which can support subpoenas and takedown efforts. The findings also highlighted the variety of methods used to steal credit card data, including web skimming attacks, database breaches, and physical skimming devices at ATMs and point-of-sale terminals. The exposure of these technical details offers critical insights into the infrastructure and operational patterns of carding markets, enabling more effective disruption of these criminal enterprises.
Mar 21, 2026