How the 115 Million Payment Card Leak Happened
A major cybersecurity incident has exposed up to 115 million US payment cards, with experts linking the breach to sophisticated smishing campaigns run by Chinese-speaking cybercriminal groups. Smishing—phishing through text messages—has evolved to bypass traditional defenses, including multi-factor authentication. Using real-time digital wallet provisioning and mobile-optimized phishing kits, these attackers target victims with convincing alerts about tolls, packages, or account issues. This large-scale leak highlights a growing cyber threat that blends advanced technology with social engineering tactics.
Smishing Attacks Are Outpacing Traditional Security Measures
According to cybersecurity researchers, the campaigns rely on phishing platforms designed for scalability and stealth. Originating from a figure known as “Lao Wang,” these tools leverage infrastructure capable of evading detection through geofencing, IP filtering, and mobile-device targeting. By focusing exclusively on real users and blocking security researchers, the attackers ensure their phishing pages remain active and effective. With one-time passcodes no longer enough to block such threats, even advanced security systems face challenges in detecting these attacks in time.
The Role of Telegram and Underground Platforms in the Attack
Investigators have traced the phishing kits to a Telegram channel called “dy-tongbu,” which has quickly become a hub for distributing these malicious tools. This underground marketplace offers cybercriminals everything they need to launch mobile-based credential harvesting campaigns at scale. The technical precision behind these operations allows them to reach intended victims while excluding unwanted scrutiny. Such platforms have accelerated the spread of smishing attacks, enabling cybercriminals to exploit personal and financial data more efficiently than ever.
How to Protect Yourself From Large-Scale Smishing Threats
With smishing attacks now capable of bypassing MFA, individuals and businesses must strengthen their defenses. Security experts recommend verifying all messages—especially those involving financial transactions—by contacting the organization directly through official channels. Avoid clicking links in unsolicited texts, and use security apps that can detect and block suspicious messages. For organizations, implementing AI-powered threat detection, employee awareness training, and network-level blocking measures can significantly reduce exposure. In an era where phishing kits are becoming more advanced, vigilance and layered security are essential to staying safe.