Back

Vibe-Coded Apps Expose Sensitive Data on Open Web

Severity: High (Score: 69.0)

Sources: Rss.Slashdot, www.wired.com, Venturebeat, Uk.Pcmag, Au.Pcmag

Summary

Recent research revealed that over 5,000 vibe-coded applications, created using platforms like Lovable and Base44, exposed sensitive corporate and personal data. The cybersecurity firm RedAccess found that approximately 40% of these apps lacked proper security measures, allowing unauthorized access to sensitive information. The vulnerabilities included medical records, financial data, and internal corporate documents. Escape.tech also reported identifying over 2,000 vulnerabilities across 5,600 analyzed vibe-coded applications, with many being live production systems. The ease of creating and deploying these applications without security checks has raised significant concerns among security professionals. Phishing sites impersonating major corporations were also discovered, further highlighting the risks associated with vibe coding. The findings emphasize the urgent need for better security practices among non-developers using these tools. Key Points: • Over 5,000 vibe-coded apps exposed sensitive data due to inadequate security. • RedAccess identified that 40% of these apps allowed unauthorized access to critical information. • Escape.tech found over 2,000 vulnerabilities in 5,600 analyzed vibe-coded applications.

Key Entities

  • Brute Force (attack_type)
  • Data Breach (attack_type)
  • Phishing (attack_type)
  • Bank Of America (company)
  • Costco (company)
  • FedEx (company)
  • McDonald's (company)
  • Trader Joe's (company)
  • Brazil (country)
  • CVE-2025-48757 (cve)
  • CWE-200 - Exposure of Sensitive Information (cwe)
  • CWE-287 - Improper Authentication (cwe)
  • base44.com (domain)
  • create.xyz (domain)
  • escape.tech (domain)
  • launched.lovable.dev (domain)
  • lovable.dev (domain)
  • Financial (industry)
  • Healthcare (industry)
  • T1566.002 - Spearphishing Link (mitre_attack)
  • Base44 (platform)
  • Bolt.new (platform)
  • Lovable (platform)
  • Netlify (platform)
  • PostgreSQL (platform)
  • Escape ASM Scanner (tool)
  • Shodan (tool)
  • Visage Surface Scanner (tool)
Loading threat details...

Threat Not Found

The threat cluster you're looking for doesn't exist or has been removed.

Return to Feed