Heads up to anyone here using Claude/Anthropic as an alternative. If you have a card saved on their platform, remove it now.
I’m a data science student in Germany. On April 27th, my account was hit with over €800 in unauthorized "Gift Max" charges.
The Exploit:
- 2FA was active.
- 3-D Secure was bypassed (I received the bank emails, but they were never opened or authorized).
- The gift codes were generated and instantly redeemed by a third party.
- Anthropic’s own status page admitted to "Elevated billing errors and unauthorized subscription changes" that same day. (This systemic flaw is well-documented in GitHub issues #51404 and #51168).
The Fallout: Losing €800 instantly meant my monthly direct debits for my train ticket, internet, and utilities all bounced. In Germany, this instantly tanks your SCHUFA (credit score). My financial standing as a student is in ruins.
Anthropic's Response: I sent them a professional email with my German police report (Strafanzeige) and the GitHub evidence, asking for a refund.
Their response was to BAN my account. I lost access to all my WIP projects, research, and data science chats. They didn't just let me get robbed; they silenced me for reporting a vulnerability in their billing pipeline. No refund has been issued.
I used to advocate for Anthropic’s "AI Safety" approach, but safety marketing means nothing if your basic fintech security is this negligent. Be careful out there.
This is a compromised version of the post I made on Anthropic's subreddit, but I thought it was worth it to post here to warn people.
(Note: This post was written with the aid of Gemini).