If you use Claude AI or any AI tool with saved payment methods, you need to know about a growing scam targeting users worldwide. Hackers are draining accounts by sending gift subscriptions to themselves, then reselling the codes before you even notice the charges.
The good news: Claude hasn’t been hacked. The bad news: the scammers don’t need to break in. They’re using a simpler backdoor.
How the Claude AI gift subscription scam works
Attackers gain access to your Claude account using leaked passwords from old breaches or stolen login sessions. This often happens through phishing emails or malware that grabs your password without you knowing.
Once inside, they don’t change your password or email—that would alert you immediately. Instead, they go straight to your billing settings and buy gift subscriptions sent to email addresses they control.
Here’s the sneaky part: gifting requires fewer security checks than changing account settings. The scammers can instantly resell those digital codes on crypto marketplaces, all before you get a single notification.
Why now? AI platforms are scaling fast, but their security hasn’t caught up. Most don’t require a second factor (like a bank text code) to buy gifts. If a hacker takes over an active session, the system thinks everything is normal.
What you should do today
Step 1: Remove saved payment methods. Go to Settings, then Billing. Delete any saved cards or payment options. Only add them back when you’re actually buying something.
Step 2: Log out everywhere. Sign out of Claude on all your devices. This forces a new login session and boots out any hacker who may have stolen your current one.
Step 3: Watch your email. If you see messages saying “Your gift has been delivered” but you didn’t send it, contact your bank immediately and request a refund. Then change your Claude password and enable any available security options.
What to watch for
Check your email inbox and spam folder for gift notifications. Unknown transactions on your bank or credit card statement. Unexpected login activity in your Claude account settings if you can still access it.
Until Anthropic adds two-factor authentication for gift purchases, treat your saved payment details as a risk. It takes 30 seconds to add a card when you need it, and that’s safer than leaving one permanently on file.
This isn’t a flaw unique to Claude—it’s a problem across fast-growing platforms. But you can stay ahead by staying defensive.
Leave a Reply