Skip to main content
Cybersecurity

Threads users find strings of credit card details

On social media, stolen data gets “lost in the noise,” according to one pro.
article cover

Justin Sullivan/Getty Images

3 min read

Top insights for IT pros

From cybersecurity and big data to cloud computing, IT Brew covers the latest trends shaping business tech in our 4x weekly newsletter, virtual events with industry experts, and digital guides.

When security researcher Kyla Cardona recently signed onto Threads, she saw an unexpected post weaving its way into her feed: detailed credit card information.

Since September, Cardona and pros at cybersecurity company SpyCloud have seen new accounts—some with up to 12,000 followers, Cardona said—posting stolen financial data, and even photos of physical cards.

“I didn’t follow any of their accounts. So, that’s what is really surprising to me,” Cardona told IT Brew.

The unexpected appearance on Cardona’s and at least one Reddit user’s feed, suggests cyber fraudsters are brazenly moving to populated public platforms—and those same sites are struggling to detect the posts and keep them out of feeds.

“There is an actual marketplace to be had on these social media platforms for criminal activity,” said James Turgal, former FBI pro and current VP of global cyber risk and board relations at cyber advisory leader Optiv. “And there’s so much data and so many accounts that the platforms themselves can’t keep up.”

PII chart. According to SpyCloud’s research notes and screenshots shared with IT Brew, posts include cardholder names, credit card numbers, SSNs, CVVs, and other personally identifiable information.

A threat actor even used a poll to track if card details “worked fine” or were declined.

“It seems like they’re using that as a way to boost engagement, to boost the prevalence of the credit cards in the algorithm,” Aurora Johnson, SpyCloud cybersecurity researcher, told IT Brew. “But then it also seems like possibly a way to crowdsource whether or not the stolen card is still working without having to do checking with some sort of payment gateway.”

In some instances, the data leaker’s Threads bio, Cardona noted, links back to a Telegram channel for “more of a private sale.”

The SpyCloud team noted some Threads instances appeared shortly after Telegram CEO Pavel Durov (who is facing charges for failing to act against criminal use of the app) announced improved AI-based content-moderation methods for his company’s messaging platform.

Platforms like Threads have massive user bases, Turgal said—an opportunity for data thieves and a challenge for social sites “bombarded” by immense amounts of data and illegitimate posts.

“They’re getting lost in the noise,” Turgal told us, adding that platforms often use AI-based methods for content moderation, tools “in their infancy at best.”

While Cardona noted screenshots of data require more sophisticated detection, like optical character recognition software, Johnson sees weaknesses in Meta’s moderation policies.

“It doesn’t seem like Meta really is cracking down on it, even though they’re posting things that theoretically would be easy to automate, takedowns such as full credit card details and additional financial details of the cardholders,” Johnson said.

“We’re aware of this type of behavior, and continue to take action against accounts and content that violate our policies,” Seine Kim, Meta spokesperson, wrote in an email to IT Brew when asked how the company plans to defend against the threats shared by SpyCloud researchers, who also spoke with The Register in October.

Top insights for IT pros

From cybersecurity and big data to cloud computing, IT Brew covers the latest trends shaping business tech in our 4x weekly newsletter, virtual events with industry experts, and digital guides.