For a while now, the Stripe donation page linked from this site has been getting hammered with what look like stolen credit card details — hundreds of attempts a day. These aren't random guessed numbers: each attempt comes with a real name, address and email belonging to the cardholder. That tells me the data has come from a breach somewhere and is being run through payment pages to find out which cards still work. The practice is known as "card testing", and small donation and checkout pages are a common target for it.
A few things I want to be completely clear about:
- This is not me, and it is not anything running on my server. The donation page is hosted entirely on Stripe's own network — all I have here is a link to it. The card data and the processing all sit on Stripe, not on exxosforum.
- Nobody is actually being charged. Every single attempt is being declined — the security checks Stripe runs are failing every time. So while the volume is alarming, no money is going through.
- The card details appear to be US-based, so this looks like leaked US cardholder data. I've no idea where it originally came from, or how recent it is.
I'm posting this mainly so that if anyone here, or anyone looking into these failed donation attempts, notices the activity, they understand it's fraudulent card testing against a Stripe page — not me trying to charge anyone. It is completely outside my control, and I'll update this thread if anything changes or Stripe gets back to me.

