← Reddit
Claude Learning Daily

Potential payment info leak

Reddit · Kenji66 · May 6, 2026
Unauthorized charges appeared on a company credit card used exclusively for purchasing Claude Max, with one transaction succeeding before the cardholder blocked the card and five additional fraudulent attempts followed. The fraudulent charges targeted merchants including Auto Glass and Walmart with transactions showing Memphis in the transaction details. The incident suggests a potential payment information breach affecting customers who purchased Claude Max subscriptions.

Detailed Analysis

A Reddit post in the r/Anthropic community has raised concerns about a potential payment card data compromise linked to Claude Max subscriptions, with the original poster reporting a series of unauthorized charges appearing on a company credit card that had been used exclusively for that purchase. The poster states that the fraudulent activity began within hours of being noticed, with an initial unauthorized transaction followed by five additional attempted charges after the card was blocked. The targeted merchants reportedly include businesses such as Auto Glass and Walmart, with a Memphis, Tennessee geographic identifier appearing across multiple transactions.

The significance of this report lies in the card's exclusive association with the Claude Max purchase, which the poster cites as strong circumstantial evidence that the payment data was exposed at or through Anthropic's billing infrastructure. Claude Max is Anthropic's premium subscription tier, offering enhanced access and usage limits to its flagship AI models. If payment credentials submitted to Anthropic's payment systems were in any way exfiltrated — whether through a breach of Anthropic's own systems, a third-party payment processor, or another vector — the implications would extend to an unknown number of subscribers. The pattern of rapid, geographically clustered fraudulent charges is consistent with card data being sold or used quickly after acquisition, a common characteristic of payment card fraud operations.

It is critical to note that this report, as of its posting, represents a single user's account on a public forum, without corroboration from Anthropic, independent security researchers, or multiple confirmed victims. The geographic clustering around Memphis could suggest the use of a card-present skimming operation, a reseller of stolen card data operating from that region, or simply a coincidence of where fraudulent transactions were attempted. The causal chain between the Claude Max purchase and the fraud has not been independently established.

The broader context is that AI subscription services have become high-value targets as their user bases grow rapidly and payment data accumulates in billing systems that may not have the same security maturity as longer-established platforms. Anthropic, as a company that has scaled its consumer-facing products significantly in a short period of time, faces the same third-party processor and supply chain risks as any other technology company handling payment card data. Whether this incident reflects a systemic compromise or an isolated fraud event, it underscores the importance of AI companies maintaining robust PCI DSS compliance and proactive fraud monitoring as their subscriber bases expand.

Read original article →