A project like this can’t avoid all risks & it’s not exactly online banking, but they used an old 6-character password & had two auth security holes from vibe coding, oof aldenhallak.com/blog/posts/d... (and someone doxxed them, wtf)
DrawAFish.com Postmortem — Aug 3, 2025 Incident
A blameful postmortem of how my viral HackerNews project got compromised by legacy passwords, missing auth, and the perils of vibe coding.
