Dark web autoshop selling stolen credit card data accidentally exposed more than 345,000 card records after relying heavily on AI coding tools to build its infrastructure. Researchers say the leak highlights the growing risks of “vibe coding”, where AI-generated software is deployed without proper security checks or human oversight.
Researchers at Cybernews recently uncovered an unsecured server connected to “Jerry’s Store”, a criminal marketplace that allegedly sold stolen payment card information and offered customers tools to verify whether the cards still worked before purchasing them. The leak exposed around 345,000 payment card records, alongside internal systems, validation logs and administrative dashboards.
According to Cybernews, the exposure happened because the operators built large parts of their infrastructure using AI coding assistants but failed to properly secure what the tools generated.
The incident is now being viewed as one of the clearest examples yet of the risks associated with so-called “ vibe coding”, an increasingly popular practice where users describe what they want in plain English while AI systems generate the code automatically.
The infrastructure behind Jerry’s Store was reportedly built using Cursor, an AI-powered coding assistant developed by US software company Anysphere. While Cursor itself is a legitimate development tool widely used by programmers, the operators allegedly depended on it heavily to create both their backend systems and internal staff dashboards.
According to Cybernews researchers, the problems began when vague instructions were given to the AI system without proper security checks afterwards.
What emerged was an exposed web dashboard accessible directly through a browser, with no password protection, login system or authentication barriers in place.
Cybernews discovered the server on April 16 and found that sensitive information had effectively been left open to the internet.
The leaked data included roughly 145,000 “valid” payment card records containing full card numbers, expiry dates, CVV security codes, names and billing addresses. Another 200,000 records had already been flagged by the system as invalid.
“The model behind Cursor, based on the logs, had enough context to know what it was helping with,” Cybernews noted. “A credit card verification service. It kept building anyway.”
Researchers said the operators created fake accounts on platforms including Amazon, Grubhub, Sam’s Club, Temu, Lyft, Elf Cosmetics and CountryMax. The system would either attempt small transactions or add stolen cards as payment methods to test whether the cards remained functional.
Cards that successfully passed the checks were then marked as valid and sold at higher prices on dark web marketplaces.
On cybercrime forums, verified cards are considered significantly more valuable because untested card databases often contain expired or blocked information.
Cybernews traced the leak back to a single request inside the operators’ chat history with Cursor. One of the administrators reportedly asked the AI system to generate a statistics dashboard. The AI complied, but the resulting implementation was later deployed online without any security protections.
“While in this case it helped identify credit card fraud-related abuse, it’s also a lesson for developers using Cursor for legitimate uses, showing how it can lead to accidental data leaks,” Cybernews said.
