I. Case Summary
I am a paid Pro user of Cursor. During normal use of the Cursor AI editor, the software directly wiped all 170GB of data on my entire D drive without proper, explicit, final confirmation.
Lost data includes: all commercial project source code, years of precious family photos, children's growth records, academic records, various certificates, and important archives.
The data on the D drive is permanently lost, and I cannot recover it myself.
After multiple communications with Cursor's official support, they not only ignored the fatal security vulnerability in their product, but also blatantly shifted blame in their official reply email, attempting to put all responsibility on the user, which is completely unacceptable.
I now make the official blame-shifting statement and full evidence public.
The entire incident is true and transparent, with no exaggeration or fabrication, and all original evidence is fully preserved.
============================================================
II. Highlighted Original Text from Cursor Official Email
Our logs confirm that multiple Shell commands were executed during your session, which means they were either approved individually or executed via Auto-Run.
[Note: This is not taken out of context; the full context can be seen in the original email image.]
============================================================
III. Point-by-Point Rebuttal to the Official Blame-Shifting Statement
- "Manually approved" is a shameless and common sense-defying claim
No normal user would ever manually approve a Shell command that deletes 170GB of critical data, especially on the D drive containing core materials.
The officials use "user manually agreed to delete the entire drive" as a reasonable explanation, which is a blatant violation of common sense.
It is purely an attempt to cover up the product's fatal flaws and force responsibility onto a paying user.
- The D drive-wiping command itself is ironclad proof of a product bug
Even assuming, for the sake of argument, that we set aside the fact that the user would never agree to delete the D drive, Cursor, as an AI coding tool, should never generate or present a high-risk, destructive Shell command that deletes the user's entire D drive.
The existence of this command directly confirms severe logical flaws and security vulnerabilities in the product.
Regardless of ordinary user confirmations, the tool must never perform operations that destroy the entire D drive; no explanation can justify this.
- The "Auto-Run" claim further confirms responsibility
4. The highlighted area in the screenshot not only reveals their attempt to shift blame, but also confirms the existence of a critical bug in Shell Commander. This vulnerability had already been reported before, yet the official team failed to fully fix it despite being aware of the risks, resulting in this severe data loss incident.
I have clearly informed the officials multiple times that Auto-Run was turned off the entire time.
The officials' one-sided logs cannot override established facts.
Even if, for the sake of argument, Auto-Run had been enabled, it still cannot be an excuse for the software to delete the user's entire D drive.
No AI tool has the right to perform destructive D drive-wiping operations without explicit, separate, final user authorization.
This is an absolute bottom line for product security and a serious dereliction of duty to paying users.
- Evidence Preservation Statement
I have fully secured the main computer involved, disconnected it from the network, and powered it down. All original evidence from the scene before the D drive was damaged is strictly preserved with no tampering.
Any third-party experts, professional institutions, or relevant parties are welcome to inspect and forensically analyze the device through normal legal and legitimate procedures. I will fully cooperate and not evade any responsibility.
========================================
IV. Follow-up Actions
- I will continuously release the complete process and evidence of this incident through global technical communities, reminding developers worldwide to guard against such security risks and prevent similar accidents from happening again.
- I will, over the long term and through legal and compliant channels, urge the relevant parties to face up to product vulnerabilities and user losses, and push the responsible party to bear all legal liabilities. I will never compromise and will fight to the end.
📢 Progress on this rights-defense case, evidence, and follow-up updates are posted first on WeChat Channels: 👉 search WeChat Channels for 开发者DevRight (or search directly by Channels ID: sphDZnOgd6wADkh). You are welcome to follow, keep up with the case, avoid the same pitfalls, and defend your rights together!