Even if no one wants to admit it, it can happen that your credit card details are misused if you have paid with it online. If you then rely on foreign shops that often sell counterfeit clothing and goods, you make yourself an easy target for criminals.

Why? – Most of these online shops struggle with one and the same security problem: every time a customer made a purchase, their credit card details were stored in a publicly accessible database.

Data from 330,000 credit cards on the Internet

Since January 6, a database containing hundreds of thousands of unencrypted credit card numbers and corresponding cardholder information found its way onto the World Wide Web, TechCrunch reports . As of last Tuesday (01/24/23), the network, which has now been taken offline, contained a database with approximately 330,000 credit card numbers, cardholder names, full billing addresses and all other card information. The latter makes it easy for criminals to carry out fraudulent transactions and purchases with credit cards.

Every time customers placed new orders, the network's data increased in real time.

The big problem: The database, which was available online until recently, was theoretically accessible to every user of the Internet: you just had to know the IP address and you could access all the data - there was no password protection or anything similar.

Affected online shops

  • spraygroundusa.com
  • ihuahebuy.com
  • igoodlinks.com
  • ibuysbuy.com
  • lichengshop.com
  • hzoushop.com
  • goldlyshop.com
  • haohangshop.com
  • twinklebubble.store
  • spendidbuy.com

Security researcher Anurag Sen found the exposed credit card records and asked TechCrunch for help reporting them to cardholders.

Demanding a ransom in exchange for the data

Unfortunately, in this case, Anurag Sen was not the first to notice the database. Because during his search he discovered a ransom note that was left in the database. So it appears that someone else had found the encrypted data and is now using it instead of trying to identify the owners. The unknown person claims to have taken a copy of the entire database contents of the credit card data and would return it for a smaller amount of cryptocurrency.

A lot of customer data from the USA – shops operate from China

After a review of the data by TechCrunch, it can be seen that most credit card numbers are held by cardholders in the United States. This was also confirmed when TechCrunch contacted several people in the USA, who shockingly confirmed the accuracy of the data they had disclosed.

Some online shops were also identified that were involved in disseminating the data. Most of them claim to operate from Hong Kong.

In contrast to reputable online shops, the counterfeits have spelling errors on the website and a noticeable lack of customer reviews, even if at first glance they sound very similar to the big brands (e.g. Spayground).

IP address now offline

Although it is not yet clear who is responsible for the credit card fraud, TechCrunch was at least able to find out that the database was operated by a Tencent customer. TechCrunch contacted Tencent about its customer's database leaking credit card information, and the company responded quickly. The customer's database went offline a short time later.

Global Communications Director Carrie Fan said: “When we learned of the incident, we immediately contacted the customer running the database and it was immediately shut down. Privacy and security are Tencent's top priorities. We will continue to work with our customers to ensure they maintain their databases in a secure manner.”

Sources:

TechCrunch , T3N

Also read our fact checks:
Andrea Berg is not dead!
Be careful of false calls from public utilities!
A misleading graphic trivializes deaths caused by climate change


If you enjoyed this post and value the importance of well-founded information, become part of the exclusive Mimikama Club! Support our work and help us promote awareness and combat misinformation. As a club member you receive:

📬 Special Weekly Newsletter: Get exclusive content straight to your inbox.
🎥 Exclusive video* “Fact Checker Basic Course”: Learn from Andre Wolf how to recognize and combat misinformation.
📅 Early access to in-depth articles and fact checks: always be one step ahead.
📄 Bonus articles, just for you: Discover content you won't find anywhere else.
📝 Participation in webinars and workshops : Join us live or watch the recordings.
✔️ Quality exchange: Discuss safely in our comment function without trolls and bots.

Join us and become part of a community that stands for truth and clarity. Together we can make the world a little better!

* In this special course, Andre Wolf will teach you how to recognize and effectively combat misinformation. After completing the video, you have the opportunity to join our research team and actively participate in the education - an opportunity that is exclusively reserved for our club members!


Notes:
1) This content reflects the current state of affairs at the time of publication. The reproduction of individual images, screenshots, embeds or video sequences serves to discuss the topic. 2) Individual contributions were created through the use of machine assistance and were carefully checked by the Mimikama editorial team before publication. ( Reason )