I’m writing this as a warning and a cry for help. I am a top-performing Data Science dual-student in Germany, and Anthropic’s current billing security failure has just destroyed my monthly budget and my creditworthiness. On April 27th, my account was hit by unauthorized charges totaling over €800 — specifically multiple “Gift Max 20X” (€214.20) and “Gift Max 5X” (€107.10) purchases.

- 2FA was active.
- 3-D Secure was never authorized.
- The gift codes were generated and instantly redeemed by a third party before I could even see the email.

This isn’t an isolated incident. This is a systemic flaw in Anthropic’s gift-billing pipeline. Check GitHub issues #51404 and #51168 (April 2026), or older related issues like #41499 and #47290. There is a documented pattern of “Gift Max” theft where hackers bypass MFA to drain saved cards. On this day, the status.claude.com page was updated to “Investigating” regarding “Elevated billing errors and unauthorized subscription changes.”

The Consequences:

- Because over €800 was sucked out of my account, my subsequent payments for my monthly train ticket, internet, and utilities all failed.
- As anyone in Germany knows, multiple failed direct debits (Lastschrift) can tank your SCHUFA score instantly. My financial standing as a student is now in ruins because Anthropic’s “security” failed.

Anthropic’s Response: Silence and a Ban

I sent a professional email with my police report number (Strafanzeige), the GitHub evidence, and a request for a human specialist. Their response was to BAN my account. I have lost access to all my WIP projects, research, and data science chats. They didn’t just let me get robbed; they silenced me for reporting it. No refund has been issued.

My Stance: I used to advocate for Anthropic’s “Constitutional AI” approach. Now, seeing how they treat a victim of their own technical vulnerabilities, I will never advocate for them again. In my future dealings with the German government and the private sector as a data scientist, I will be citing this as a primary case study in how “AI Safety” marketing often masks total corporate negligence in basic fintech security.

This post was written with the aid of Gemini.

submitted by /u/peowwww
Originally posted by u/peowwww on r/ArtificialInteligence
