Martinez man says his AI was hacked as fraudulent charges racked up in euros on Claude account
MARTINEZ, Calif. (KGO) -- A Bay Area man says his Anthropic account was hacked, requesting charges he didn't authorize. But the tech company says the issue was not caused by the Claude app itself.
Jason Weitzman bought an Anthropic membership, using Claude to help build software for his tech company.
He says everything was running smoothly until emails from Chase Bank flagged multiple gift purchases in euros -- charges he didn't authorize.
"Two had actually made it through to my bank, totaling around $315," Weitzman said.
It didn't stop there.
Statements show more charges were made over the next two days.
"What do you think happened?" 7 On Your Side's Stephanie Sierra asked.
"That I somehow got hacked. That somebody is attempting to make these purchases on my behalf," Weitzman said.
MORE: Fans turning to social media for World Cup ticket deals should be on alert for scams, says BBB
He says he started looking into the applications downloaded and installed on his computer as part of Claude's setup.
"That's how I started to run into what the actual problem was," Weitzman said.
Weitzman, a former information security director, says he found a problematic add-on connected to Claude, referred to as a "skill," similar to a plug-in.
"That basically told Claude to attempt to purchase different types of gift accounts on my stored information. So it was using the digital wallet that was on my computer for Claude to start to make these purchases," Weitzman said.
Anthropic told 7 On Your Side: "We identified unauthorized charges that appear to stem from a compromise of the user's device, not the Claude app itself."
"How many times did you reach out to Anthropic?" Sierra asked.
"In total, probably a couple of dozen," Weitzman said.
Weitzman says he attempted to use Claude's live customer support agent. He said he was locked out after Anthropic banned his account.
Weitzman then tried filing an appeal, but that didn't work either.
"You're frustrated, you're angry, you've had your money taken, nobody is helping you," Weitzman said.
He says days went by and he got nowhere. That's when he called 7 On Your Side. The team worked with Anthropic to resolve the issue.
MORE: Bay Area couple gets $10K bill for toll violations racked up by identity thief
"You paid for the Claude membership, you got banned, and then you got fraudulent charges?" asked Sierra.
"Yes, it took the news getting involved not just for Anthropic to step up and do something, but also for my bank to take it as well," Weitzman said.
Anthropic told 7 On Your Side: "The user in question has been refunded and their access to Claude has been restored. In recent weeks we've also taken additional steps to further safeguard user payment information on Claude accounts."
"And you got the refund?" Sierra asked.
"I did, not thanks to Chase, but thanks to the news, thanks to you," Weitzman said.
Weitzman also tried filing a claim with Chase, but says it was denied, citing a Claude receipt as proof he authorized the charges.
"What was your reaction to that?" asked Sierra.
"I thought that was crazy. How could a receipt mean that I made those charges? It just means that a transaction occurred," Weitzman said.
Chase told 7 On Your Side: "The merchant worked directly with the customer to resolve the issue. We encourage customers to regularly review their account activity and take advantage of our available security tools and resources."
The bank noted their team "fully reviewed this claim including documentation that was made available to us at the time. We asked Mr. Weitzman to provide us with evidence of hacking or malware. He declined to provide any additional documentation." Adding, "During our review, we determined that the transaction was made from the customer's known IP address."
But Weitzman says Chase never requested any evidence of hacking, pointing out it's common for IP addresses to be used during account takeovers.
For now, Weitzman has Claude and his money back, but still has concerns about the platform.
"What is your takeaway from this experience?" Sierra asked.
"They built a great tool. The infrastructure around that tool, not so great," Weitzman said.
Anthropic reports online it's working on several layers of user protection, including stronger detection of harmful requests and real-time cybersecurity safeguards.
The company says its most capable models now automatically detect and block requests associated with things like ransomware development, mass data theft and other malicious cyber operations.
But in June, the company disabled its most advanced models for all users following an order from the U.S. government raising national security concerns.
Take a look at more stories and videos by 7 On Your Side.
7OYS's consumer hotline is a free consumer mediation service for those in the San Francisco Bay Area. We assist individuals with consumer-related issues; we cannot assist on cases between businesses, or cases involving family law, criminal matters, landlord/tenant disputes, labor issues, or medical issues. Please review our FAQ here. As a part of our process in assisting you, it is necessary that we contact the company / agency you are writing about. If you do not wish us to contact them, please let us know right away, as it will affect our ability to work on your case. If we are able to assist you, we will reach back out.
