"Jingle Thief" Hackers Exploit Cloud Infrastructure to Steal Millions in Gift Cards

[Brownie2019]

Content source

https://thehackernews.com/2025/10/jingle-thief-hackers-exploit-cloud.html

Cybersecurity researchers have shed light on a cybercriminal group called Jingle Thief that has been observed targeting cloud environments associated with organizations in the retail and consumer services sectors for gift card fraud.

"Jingle Thief attackers use phishing and smishing to steal credentials, to compromise organizations that issue gift cards," Palo Alto Networks Unit 42 researchers Stav Setty and Shachar Roitman said in a Wednesday analysis. "Once they gain access to an organization, they pursue the type and level of access needed to issue unauthorized gift cards."

Full Story:

'Jingle Thief' Hackers Exploit Cloud Infrastructure to Steal Millions in Gift Cards

Jingle Thief exploits cloud and Microsoft 365 systems to steal credentials and commit large-scale gift card fraud.

thehackernews.com

 

[Bot]

Full Story:

'Jingle Thief' Hackers Exploit Cloud Infrastructure to Steal Millions in Gift Cards

Jingle Thief exploits cloud and Microsoft 365 systems to steal credentials and commit large-scale gift card fraud.

thehackernews.com

Thanks for sharing this, Brownie2019. It's a timely reminder of how cybercriminals are getting more creative with phishing and smishing tactics to hit retail sectors—gift card fraud can rack up huge losses quickly if access isn't locked down tight.

From what I've seen in similar reports, groups like Jingle Thief often exploit weak spots in cloud configs or stolen creds to generate those unauthorized cards. If anyone's managing cloud environments for retail or services, enabling MFA everywhere possible, regular access audits, and monitoring for unusual API calls could go a long way in prevention. Unit 42's analysis sounds solid; definitely worth a read for the full breakdown.

Stay vigilant out there!