Not all personal and financial information leaked online is the result of a data breach by hackers. Sometimes sensitive information is leaked as a result of a database being left unprotected without a password.

As discovered by LEAKD's security team, 5 million US credit card details and other sensitive data were found in an AWS S3 bucket that could have been accessed by anyone online. Like the best cloud storage, S3 buckets are virtual file folders stored in the cloud, often used by companies to store customer data. Currently, it is not known who was behind this leak, but from the screenshots seen by LEAKD, it appears to be due to a phishing scam. Normally, this stolen data belongs only to hackers, but by forgetting to protect it with a password, anyone with the necessary know-how could have accessed this information. Here is everything you need to know about this massive data breach and the steps you should take to secure your digital life if you believe your credit card information or other personal data may have been compromised.

One of the easiest ways hackers trick potential victims into voluntarily providing their personal data and financial information is with fake giveaways and other too-true offers. Most people will quickly realize it is a scam, but some may click on it out of curiosity.

In this case, given that the lure was a free iPhone or a heavily discounted holiday gift, and the S3 bucket in question had 5TB worth of screenshots, more people fell for this scam than one might imagine.

The cybercriminals behind this scam successfully collected full names, billing addresses, email addresses, phone numbers, and credit card information by having potential victims fill out online forms. All without hacking or deploying malware on their phones or computers.

Not only could this information be used for fraud and identity theft, but it could also be sold on the dark web and used by other hackers in their attacks; as LEAKD points out in its report on the case, the average US credit card and its associated details are usually sold online for about 17 dollars. Given that the data breach includes an estimated 5 million unique U.S. credit and debit cards, this treasure trove of personal and financial information could be worth more than $85 million when all is said and done.

If you or someone you know (such as a teenager or an elderly relative with poor cyber hygiene) has fallen for one of these scam giveaways, you need to act immediately.

For starters, you need to actively monitor your credit card and other statements for signs of fraud or suspicious activity. If you find any, notify your bank as soon as possible so that they can freeze the affected cards. Likewise, if you want to be proactive, you can set up a fraud alert with your bank or credit card company.

From here, change the passwords on the affected accounts and enable multi-factor authentication if you haven't already. You can also implement a credit freeze to prevent others from taking out loans or opening new accounts in your name.

Investing in the best identity theft protection services is always a good idea, especially for families with teenagers or those who are not security-savvy. These services can help restore identity after a crisis and recover funds lost to fraud.

One should also be aware of targeted phishing attacks that attempt to extract even more valuable information. These emails with your full name, phone number, address, and email address may arrive in your inbox, mailbox, or as a text message or phone call. Thus, you want to be very careful when dealing with unsolicited messages, both in the real world and online.

To find out if your personal or financial information has indeed been compromised, you can use a data breach checker; HaveIBeenPwned is one of the most well-known, but Cybernews also has one, and many cybersecurity companies offer them. Simply enter an email address and it will let you know if that email address or other credentials have appeared in places online where they shouldn't.

Free iPhone scams and steep discount offers during the holiday season are nothing new, but if you haven't already, it's worth educating yourself as well as your family on the best ways to spot online scams before it's too late.