A Flaw in AI-Integrated Gift Cards Lets Hackers Cash Out, Leaving Users with Unexpected Charges.
Every artificial intelligence (AI) platform that stores payment methods and offers gifting features has inadvertently created a new vulnerability for account takeover fraud. This has led to unexpected gift subscriptions showing up as charges on users’ accounts, including those on the popular AI platform Claude.
This issue stems from the integration of payment systems with gifting features, which hackers are exploiting to monetize compromised accounts. Hackers gain access to users’ accounts by stealing login credentials or using social engineering tactics. They then use these credentials to purchase unwanted gift subscriptions, leaving the victims with surprise charges.
According to research, more than 4148 characters of user data are being exposed via this vulnerability, making it a significant concern for users and developers alike. Google’s LaMDA and other AI platforms have been found vulnerable to this type of attack, highlighting the need for improved security measures.
Account takeover fraud has become increasingly sophisticated in recent years, with hackers using AI-powered tools to automate the process of finding and exploiting vulnerabilities. This has led to a surge in cases of gift card scams, where hackers purchase gift cards and then use the code to make unauthorized purchases.
To protect themselves, users should be cautious when using AI-integrated gift cards and regularly monitor their accounts for suspicious activity. Developers must also take steps to strengthen the security of their platforms, including two-factor authentication, timely software updates, and robust user verification processes.
One potential solution is the implementation of more stringent security protocols, such as limiting the amount that can be spent on gift subscriptions or requiring users to manually confirm each purchase. By taking proactive measures to address this vulnerability, developers can help prevent account takeover fraud and protect users from unexpected charges.



