Vibe Coding Mishap Exposes Massive Trove of Stolen Financial Data
A dark web marketplace used by cybercriminals to validate stolen credit cards has accidentally exposed nearly 345,000 sensitive card records after relying heavily on AI-generated software code. The incident, involving a platform known as Jerry’s Store, is now being cited by cybersecurity researchers as one of the clearest warnings yet about the dangers of “vibe coding” — the growing practice of deploying AI-written code with little or no human security review.
The leak has triggered fresh concerns among regulators, financial institutions and cybersecurity experts worldwide, especially at a time when digital fraud networks are becoming increasingly sophisticated and deeply intertwined with mainstream financial systems.
How AI Coding Tools Triggered the Leak
Jerry’s Store operated as a “carding” platform, allowing cybercriminals to check whether stolen payment cards were still active before selling or using them. According to investigations by cybersecurity researchers, the operators used Cursor, an AI-assisted coding platform developed by Anysphere, to build their backend infrastructure and administrative dashboards.
The AI tool itself is legitimate and widely used by developers. However, researchers say the criminals relied excessively on automatically generated code without implementing basic security safeguards. This “vibe coding” approach resulted in the AI creating an unauthenticated public web directory that exposed the platform’s backend database directly to the internet.
As a result, security researchers discovered massive amounts of sensitive information openly accessible online, including stolen card numbers, expiry dates, CVV codes, billing addresses and cardholder names. Ironically, a platform built to support financial fraud ended up exposing its own criminal infrastructure because of poor cybersecurity practices.
Inside the Card Validation Network
Jerry’s Store was more sophisticated than a simple marketplace for stolen cards. It functioned as a verification system that tested whether compromised cards were still usable.
The platform reportedly carried out small test transactions through legitimate online services and merchants, including companies such as Amazon, Temu, Lyft and Grubhub. By analysing approval or rejection responses, criminals could identify “live” cards with active balances.
The system also maintained logs, transaction statistics and administrative dashboards — all of which became visible once the exposed directory was discovered. The leak effectively provided investigators with insight into how modern carding ecosystems operate and monetise stolen financial data.
The Growing Risk of AI-Driven Misconfiguration
Cybersecurity analysts believe the incident reflects a broader and more dangerous trend. AI coding assistants can rapidly generate servers, APIs and web applications, but they do not inherently guarantee secure configurations.
Without proper human oversight, organisations may unknowingly deploy systems lacking authentication, encryption, access controls or network protections. This risk applies not only to cybercriminals but also to startups, fintech firms and even large enterprises increasingly adopting AI-assisted development tools.
The Jerry’s Store case demonstrates that AI-generated software can accelerate both innovation and vulnerability simultaneously. A functional system is not necessarily a secure system.
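An added example, not taken from the article or from any tool it names: a pre-deployment check of the kind a human reviewer could run on a generated project, flagging data files placed under a served directory and directories that would be exposed if the server has listing enabled. The extension list, index file names and sample layout are assumptions constructed for illustration.

```python
import os
import tempfile

# Assumed (not from the article): file types that should never sit under a served directory.
SENSITIVE_EXT = {".sql", ".sqlite", ".db", ".bak", ".env", ".csv", ".log"}
INDEX_FILES = {"index.html", "index.htm", "index.php"}


def audit_webroot(root):
    """Return sorted (issue, relative_path) findings for a directory a web server will serve."""
    findings = []
    for dirpath, _dirnames, filenames in os.walk(root):
        rel_dir = os.path.relpath(dirpath, root)
        # With no index file, a server with directory listing enabled shows every file here.
        if not INDEX_FILES & {f.lower() for f in filenames}:
            findings.append(("listable-directory", rel_dir))
        for name in filenames:
            ext = os.path.splitext(name)[1].lower()
            # A dotfile such as ".env" has no extension per splitext, so match the name too.
            if ext in SENSITIVE_EXT or name.lower() in SENSITIVE_EXT:
                rel = os.path.normpath(os.path.join(rel_dir, name))
                findings.append(("data-file-in-webroot", rel))
    return sorted(findings)


def build_sample(root):
    """Constructed sample layout standing in for a generated project's public directory."""
    layout = {
        "index.html": "<h1>ok</h1>",
        ".env": "DB_PASSWORD=placeholder",
        "admin/index.html": "<h1>dashboard</h1>",
        "admin/export.csv": "id,value\n1,x\n",
        "data/app.sqlite": "constructed placeholder, not a real database",
    }
    for rel, body in layout.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write(body)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for issue, path in audit_webroot(tmp):
            print(f"{issue:22} {path}")
```

A clean result here only covers file placement; authentication and access controls on the routes themselves still need their own review.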
Rising Pressure on Regulators and Banks
The leak comes amid growing scrutiny of digital fraud controls globally. In India, the Reserve Bank of India has recently intensified pressure on banks over failures in anti-money-laundering monitoring and digital fraud detection.
Analytically, the Jerry’s Store exposure highlights three major realities: AI is lowering the barrier for criminals to build advanced fraud infrastructure; cybercrime is increasingly dependent on legitimate financial ecosystems; and regulators must now treat AI-driven software misconfiguration as a systemic security threat rather than a niche technical issue.
A Warning for the AI Era
The collapse of Jerry’s Store’s secrecy offers a powerful warning about the double-edged nature of AI-assisted software development. The same technology capable of accelerating digital transformation can also create dangerous vulnerabilities when deployed carelessly.
As AI-generated coding becomes more common across industries, cybersecurity can no longer remain an afterthought. Whether for legitimate businesses or criminal enterprises, systems built without rigorous human oversight risk becoming liabilities rather than assets. In the emerging AI era, speed without security may prove to be the costliest mistake of all.
(With agency inputs)