Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Okay. If it's real I apologize.

But in any case it's so lacking in detail and so brief as to make it so uninteresting that it might as well be fake.

> Somebody "vibecodes" medical app/system. The app was insecure. Personal info leaked.

Okay cool.



Is really weird to me that this is your reception.

It's a rarely updated personal blog, not a daily tabloid story.


It's pure bs. If you read that blog post and think "this definitely happened", let alone "wow - this is interesting" then I have a monorail to sell you.

> Technical Background

> The entire application was a single HTML file with all JavaScript, CSS, and structure written inline. The backend was a managed database service with zero access control configured, no row-level security, nothing. All "access control" logic lived in the JavaScript on the client side, meaning the data was literally one curl command away from anyone who looked.

> All audio recordings were sent directly to external AI APIs for transcription and summarization.

> There was more, but this is already enough to get the idea.

Hmmmm... interesting, now that I have the "Technical Background" I for sure know that this medical app was 100% vibe coded by a Medical Practice in the Real World and exists! (TM)


What do you want as proof? A link to the app?


Non-ironically: "yes please" if you want me to believe that any of this happened.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: