
Warning: Anthropic "Gift Max" Exploit cost me €800, tanked my SCHUFA score, and got me banned.

Reddit · peowwww · May 5, 2026
A German data science student reports that unauthorized "Gift Max" gift-code purchases exceeding €800 were charged through their Anthropic account in April 2026, which the post presents as part of a pattern of reported incidents in which two-factor authentication did not prevent the charges. The resulting account drain caused subsequent payment failures on essential services, which the student says damaged their SCHUFA credit record. According to the post, when the student reported the fraud with police documentation and links to GitHub issues, Anthropic banned the account and refused a refund rather than addressing the underlying weakness.

Detailed Analysis

A Reddit user identifying as a data science student enrolled in a German dual-study program published a post on or around May 5, 2026 alleging that unauthorized charges exceeding €800 were processed against their payment method through Anthropic's "Gift Max" gifting feature on April 27. The user claims that despite having two-factor authentication enabled, multiple "Gift Max 20X" (€214.20) and "Gift Max 5X" (€107.10) transactions were executed without their knowledge or consent, and that the resulting gift codes were immediately redeemed by an unidentified third party. The post cites what it describes as a pattern of similar incidents documented in GitHub issues from April 2026 (#51404 and #51168) and earlier (#41499 and #47290), and says that Anthropic's status page acknowledged "elevated billing errors and unauthorized subscription changes" on the same date, suggesting the incident may not have been isolated. The post states that it was written with the assistance of Google's Gemini, a direct competitor to Anthropic's Claude.

The downstream consequences alleged in the post are particularly significant in the German financial context. Because the unauthorized charges depleted the user's account, subsequent legitimate automatic payments, including a monthly transit pass, internet service, and utilities, reportedly failed. Germany's SCHUFA credit scoring system, analogous to credit bureaus in other countries, records negative entries when creditors report claims that remain unpaid after reminders, so a cascade of returned direct debits (Lastschriften) that the account holder cannot cover can turn into lasting negative marks from what began as a single fraudulent charge. For a student without substantial financial reserves, such a cascade presents a disproportionate and potentially long-lasting financial harm relative to the original monetary loss. The user's complaint that Anthropic responded to their formal report, which included the case number of a criminal complaint (Strafanzeige) filed with the police, by banning their account rather than investigating or issuing a refund compounds the alleged harm and raises the question of how Anthropic's trust-and-safety systems interact with legitimate fraud disputes.

The incident, if substantiated, points to a structural weakness in AI subscription platforms that add gifting or resale features without hardening the billing pipeline behind them. Gift code systems are a well-documented attack surface in digital goods markets: a code converts immediately into credit or a subscription on someone else's account and is hard to claw back, so it is an attractive cash-out path for anyone who obtains a working session (a hijacked cookie or token, a stolen API key, or a credential-stuffed login). Two-factor authentication at login does nothing against such a session; the purchase itself has to demand a fresh second factor (step-up authentication) and be subject to velocity limits, which is what "bypassing MFA at the billing layer rather than the login layer" amounts to in practice. The claim that 3-D Secure was never triggered deserves a caveat: PSD2 mandates strong customer authentication, for which 3-D Secure is the usual card-network mechanism, but merchant-initiated charges against a stored card (the model most subscription services use) are exempt from it, so the absence of a 3-D Secure challenge is consistent with a card-on-file purchase and is not by itself evidence of non-compliance. It does mean, however, that the merchant's own controls were the only barrier between a valid session and an irreversible gift code. If the GitHub issues cited describe a genuine pattern rather than isolated anecdotes, it would suggest that the gift-billing pipeline had not been adequately tested against known attack vectors before deployment.
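As an added illustration of the login-layer versus billing-layer distinction (example code written for this page, not Anthropic's or any vendor's implementation; the class names, the thresholds and the sample purchase burst are assumptions, with the burst constructed from the prices the post quotes), the following compares a policy that trusts any authenticated session with one that requires a fresh second factor and enforces velocity limits on gift purchases:

```python
from __future__ import annotations

from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Policy knobs (assumed values for illustration, not any vendor's real settings).
STEP_UP_MAX_AGE = timedelta(minutes=5)  # second factor must be this fresh for a gift purchase
GIFT_WINDOW = timedelta(hours=24)       # trailing window for velocity limits
GIFT_MAX_COUNT = 2                      # max gift purchases per account per window
GIFT_MAX_CENTS = 25_000                 # max gift spend per account per window (EUR 250)


@dataclass
class Session:
    account_id: str
    login_at: datetime
    last_mfa_at: datetime | None  # when a second factor was last verified in this session


@dataclass(frozen=True)
class Decision:
    approved: bool
    reasons: tuple[str, ...]


class LoginOnlyPolicy:
    """Weak policy: MFA was checked at login, so any live session may buy gift codes."""

    def authorize(self, session: Session, amount_cents: int, now: datetime) -> Decision:
        return Decision(True, ())


class GiftGuard:
    """Hardened policy: fresh step-up MFA plus per-account velocity limits on gifting."""

    def __init__(self) -> None:
        self._history: dict[str, list[tuple[datetime, int]]] = defaultdict(list)

    def authorize(self, session: Session, amount_cents: int, now: datetime) -> Decision:
        reasons: list[str] = []

        # 1. A valid session (even one that passed MFA hours ago, or a stolen cookie)
        #    is not enough: the gift purchase itself needs a recent second factor.
        if session.last_mfa_at is None or now - session.last_mfa_at > STEP_UP_MAX_AGE:
            reasons.append("step_up_required")

        # 2. Gift codes are irreversible, so cap count and spend in a trailing window.
        recent = [(t, c) for t, c in self._history[session.account_id] if now - t <= GIFT_WINDOW]
        if len(recent) + 1 > GIFT_MAX_COUNT:
            reasons.append("velocity_count")
        if sum(c for _, c in recent) + amount_cents > GIFT_MAX_CENTS:
            reasons.append("velocity_amount")

        if reasons:
            return Decision(False, tuple(reasons))
        self._history[session.account_id].append((now, amount_cents))
        return Decision(True, ())


T0 = datetime(2026, 4, 27, 14, 0, tzinfo=timezone.utc)

# Constructed sample (not real data): a session whose only MFA check was at login six
# hours earlier, then a burst of purchases at the post's quoted prices (EUR 214.20 and
# EUR 107.10). Total: 85,680 cents = EUR 856.80.
HIJACKED_SESSION = Session("acct-student", T0 - timedelta(hours=6), T0 - timedelta(hours=6))
BURST = [
    (T0, 21_420),
    (T0 + timedelta(minutes=1), 21_420),
    (T0 + timedelta(minutes=2), 21_420),
    (T0 + timedelta(minutes=3), 10_710),
    (T0 + timedelta(minutes=4), 10_710),
]


def replay(policy, session: Session, events) -> tuple[int, int]:
    """Replays purchase attempts; returns (approved_cents, declined_count)."""
    approved = declined = 0
    for at, cents in events:
        if policy.authorize(session, cents, at).approved:
            approved += cents
        else:
            declined += 1
    return approved, declined


if __name__ == "__main__":
    print("login-only policy :", replay(LoginOnlyPolicy(), HIJACKED_SESSION, BURST))
    print("gift guard, stale :", replay(GiftGuard(), HIJACKED_SESSION, BURST))
    fresh = Session("acct-student", T0 - timedelta(hours=6), T0 - timedelta(seconds=30))
    print("gift guard, fresh :", replay(GiftGuard(), fresh, BURST))
```

With the login-only policy the whole burst clears; with the guard, a session whose second factor is six hours old buys nothing, and even a session that just passed step-up is limited to a single unit before the spend cap stops it. The numbers are chosen to make the contrast visible, not as a recommendation for any particular threshold.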

More broadly, the episode sits at the intersection of two growing tensions in the commercial AI industry. First, as AI companies scale their consumer-facing subscription products rapidly, security and fraud infrastructure does not always keep pace with feature development — a pattern seen repeatedly in fintech and gaming. Second, the user's public disavowal of Anthropic's "Constitutional AI" framing in direct response to an alleged customer service failure illustrates how reputational trust built on safety and ethics marketing can be eroded sharply by concrete operational failures. The irony of a self-described Anthropic advocate turning to a Gemini-assisted post to publicize their grievance — and explicitly stating they will cite this as a case study in corporate negligence in their future professional work — underscores the reputational stakes for AI companies when product security incidents intersect with perceived institutional indifference to individual harm. The post remains unverified by independent sources, and Anthropic has not publicly responded to the specific claims as of the time of this writing.
