A security researcher signs up for a free account on Lovable. Five API calls later, source code, database credentials, AI chat histories, even customer data from Nvidia, Microsoft, Uber, and Spotify employees spill out. No exploits. No zero-days. Just public projects anyone could browse.
This isn’t fiction. It’s what @weezerOSINT demonstrated on April 20, 2026, claiming a ‘mass data breach’ that hit every Lovable project created before November 2025. The post racked up nearly two million views. Developers panicked. Credentials rotated. Questions mounted.
Lovable, the Stockholm-based ‘vibe-coding’ sensation valued at $6.6 billion after a $330 million Series B, fired back fast. ‘To be clear: We did not suffer a data breach,’ the company posted on X. Documentation on ‘public’ projects was unclear, they said. Chats used to be visible there. Code visibility? Intentional, like GitHub public repos. Enterprise users lost public options back in May 2025.
But the story shifted. Hours later came a follow-up admission: an accidental backend change in February had re-enabled chat access on old public projects. HackerOne reports had been closed as duplicates because triage partners mistook the exposure for intended design. Fixed now, Lovable insisted. ‘We’ll do better.’
From GitHub Dreams to API Nightmares
Lovable lets anyone build apps by chatting with AI. Founded in 2024, it exploded. Over $500 million raised from Accel, Creandum, 20VC, EQT. Customers include Uber, Zendesk, Deutsche Telekom. Free tier hooked users; paid plans unlocked private projects.
Early on, public meant everything visible: chats, code, build history. The idea was to spark inspiration, like scrolling Dribbble. Users disagreed. Many assumed public just shared the live app, not raw chats stuffed with secrets. Developers paste API keys, error logs, and schemas into those conversations for context. Public? Boom. Exposed.
The timeline tells the tale. Free users couldn’t make projects private until May 2025; the enterprise tier’s public setting was disabled the same month. December 2025: private by default everywhere, and the API patched retroactively so public projects no longer returned chats. February 2026: a permissions unification re-exposed the chats. March 3: first HackerOne report (#3583821), closed without a fix. April 20: public disclosure.
A classic Broken Object Level Authorization flaw, per OWASP’s API Security Top 10. The APIs returned whatever object ID they were handed without checking that the caller owned, or was entitled to see, that object. List projects. Pick one. Fetch contents. A free account suffices. Screenshots showed Supabase credentials in code and PII in chats. ‘This is not hacking,’ @weezerOSINT wrote. ‘This is five API calls from a free account.’
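The access pattern described above, as an added example that is not Lovable’s code: a minimal model of ‘list projects, pick one, fetch contents’, written once with the missing ownership check (the BOLA) and once with object-level authorization. The route names, the data model, the visibility values and the rule that chat history is owner-only even on public projects are assumptions made for illustration, not Lovable’s real API.

```python
"""
Added example, not Lovable's code. Models the "list projects, pick one, fetch
contents" flow. The data model, the visibility values and the rule that chats
are owner-only are assumptions for illustration.
"""
from __future__ import annotations

from dataclasses import dataclass, field


class Forbidden(Exception):
    """Raised when the caller may not see the requested object.

    The same error is used for 'does not exist' and 'not yours', so a
    stranger cannot use the API to enumerate which IDs are valid.
    """


@dataclass
class Project:
    project_id: str
    owner: str
    visibility: str                 # "public" or "private" (assumed values)
    code: str
    chat: list[str] = field(default_factory=list)


# Constructed sample data. The credential-looking strings are made up.
PROJECTS: dict[str, Project] = {
    "p-1": Project("p-1", "alice", "public", "export default App;",
                   ["paste this: SUPABASE_SERVICE_KEY=example-not-real"]),
    "p-2": Project("p-2", "bob", "private", "# secret prototype",
                   ["db password is hunter2"]),
}


def list_projects(caller: str) -> list[str]:
    """Directory listing: the caller's own projects plus everything public."""
    return [p.project_id for p in PROJECTS.values()
            if p.owner == caller or p.visibility == "public"]


# --- Vulnerable: BOLA. Any valid ID returns the object, chat included. ---
def get_chat_vulnerable(caller: str, project_id: str) -> list[str]:
    project = PROJECTS[project_id]          # nobody asks who is calling
    return project.chat


# --- Hardened: authorize the object, not just the request. ---
def get_code(caller: str, project_id: str) -> str:
    """Code of a public project is shareable by design; private code is owner-only."""
    project = PROJECTS.get(project_id)
    if project is None or not (project.visibility == "public" or project.owner == caller):
        raise Forbidden(project_id)
    return project.code


def get_chat(caller: str, project_id: str) -> list[str]:
    """Chat history is owner-only even on public projects: people paste secrets into it."""
    project = PROJECTS.get(project_id)
    if project is None or project.owner != caller:
        raise Forbidden(project_id)
    return project.chat


def demo(caller: str = "mallory") -> dict:
    """Run the 'five calls from a free account' flow as a stranger and compare outcomes."""
    visible = list_projects(caller)
    leaked = {pid: get_chat_vulnerable(caller, pid) for pid in visible}
    blocked = []
    for pid in visible:
        try:
            get_chat(caller, pid)
        except Forbidden:
            blocked.append(pid)
    return {"visible": visible, "leaked_chats": leaked, "blocked_chats": blocked}


if __name__ == "__main__":
    print(demo())
```

The fix is not in the listing: a public project is supposed to be listable. It is the per-object check on the read path, and a different check for code (public by design) than for chat (private regardless of project visibility).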
HackerOne stayed mum initially. ‘Given the nature of customer programs… we’ll follow up,’ they told The Register. Lovable appreciated the researchers. But 48 days? That’s fuel for critics.
Pattern of Peril in Vibe-Coding Rush
It’s not isolated. February 2026: a Lovable-hosted EdTech app leaked 18,000+ records on teachers and students from UC Berkeley and K-12 schools. Sixteen vulnerabilities, six critical. The AI had generated flawed row-level security. Users bore the blame, per platform policy. Scans exist, but developers must act on them.
Earlier shadows. CVE-2025-48757: CVSS 9.3, 170+ apps hit. Gaps in the default Supabase row-level security setup let attackers read and write tables. Scans check that RLS is present, not that the policies are correct. ‘Lovable 2.0’ promised fixes. It didn’t deliver fully.
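For both the EdTech leak and CVE-2025-48757 above, the gap is between ‘RLS is switched on’ and ‘the policies actually restrict rows’. The following is an added example, not Lovable’s scanner or Supabase’s code: an audit that reads rows shaped like Postgres’s `pg_class.relrowsecurity` and the `pg_policies` view and flags tables the anon key can read or write wholesale. The table names, policies, severities, the role names `anon`/`authenticated` and the assumption that only the `public` schema is reachable through the REST layer are all constructed for illustration.

```python
"""
Added example, not Lovable's or Supabase's code. Audits RLS policy correctness,
not just presence, over constructed rows shaped like pg_class.relrowsecurity
and the pg_policies view. Against a real database you would select these
columns from those catalogs instead of using the constructed lists below.
"""
from __future__ import annotations

from dataclasses import dataclass

# Roles a client can act as through the REST layer with the public anon key.
# Assumption: Supabase's default role names.
CLIENT_ROLES = {"public", "anon", "authenticated"}
EXPOSED_SCHEMAS = {"public"}            # assumption: only 'public' is API-reachable


@dataclass(frozen=True)
class Table:
    schema: str
    name: str
    rls_enabled: bool                   # pg_class.relrowsecurity


@dataclass(frozen=True)
class Policy:                           # mirrors pg_policies columns
    schema: str
    table: str
    name: str
    roles: tuple                        # pg_policies.roles, e.g. ('public',)
    cmd: str                            # 'ALL', 'SELECT', 'INSERT', 'UPDATE', 'DELETE'
    qual: str | None                    # USING expression text, e.g. 'true'
    with_check: str | None              # WITH CHECK expression text
    permissive: str = "PERMISSIVE"      # only PERMISSIVE policies grant access


def _unrestricted(expr: str | None) -> bool:
    """True if the expression admits every row. A missing expression is treated
    as unrestricted, which is the conservative choice for a scanner."""
    return expr is None or expr.strip().lower() in {"true", "(true)"}


def _reads_all(p: Policy) -> bool:
    return p.cmd in {"ALL", "SELECT", "UPDATE", "DELETE"} and _unrestricted(p.qual)


def _writes_all(p: Policy) -> bool:
    if p.cmd not in {"ALL", "INSERT", "UPDATE"}:
        return False
    # Postgres falls back to USING when WITH CHECK is omitted on ALL/UPDATE.
    check = p.with_check if p.with_check is not None else p.qual
    return _unrestricted(check)


def audit(tables: list[Table], policies: list[Policy]) -> list[dict]:
    """Return findings for API-exposed tables, worst first within each table."""
    by_table: dict[tuple, list[Policy]] = {}
    for p in policies:
        by_table.setdefault((p.schema, p.table), []).append(p)
    findings = []
    for t in tables:
        if t.schema not in EXPOSED_SCHEMAS:
            continue
        pols = by_table.get((t.schema, t.name), [])
        if not t.rls_enabled:
            findings.append({"table": t.name, "severity": "critical",
                             "issue": "RLS disabled: the anon key reads and writes every row"})
            continue
        if not pols:
            findings.append({"table": t.name, "severity": "info",
                             "issue": "RLS enabled with no policies: all client access denied"})
            continue
        for p in pols:
            if p.permissive != "PERMISSIVE" or not (set(p.roles) & CLIENT_ROLES):
                continue
            roles = ",".join(p.roles)
            if _reads_all(p):
                findings.append({"table": t.name, "severity": "high",
                                 "issue": f"policy {p.name} ({p.cmd}) exposes every row to {roles}"})
            if _writes_all(p):
                findings.append({"table": t.name, "severity": "high",
                                 "issue": f"policy {p.name} ({p.cmd}) lets {roles} write any row"})
    return findings


# Constructed sample catalog, shaped like what an AI-generated app might ship.
TABLES = [
    Table("public", "profiles", True),
    Table("public", "students", True),       # RLS on, policy present, policy wrong
    Table("public", "grades", False),        # RLS never enabled
    Table("public", "submissions", True),    # anyone can insert
    Table("public", "audit_log", True),      # RLS on, no policies
]
POLICIES = [
    Policy("public", "profiles", "profiles_owner", ("authenticated",), "ALL",
           "(auth.uid() = user_id)", None),
    Policy("public", "students", "Enable read access for all users", ("public",),
           "SELECT", "true", None),
    Policy("public", "submissions", "submissions_insert", ("anon",), "INSERT",
           None, "true"),
]

if __name__ == "__main__":
    for f in audit(TABLES, POLICIES):
        print(f"[{f['severity']}] {f['table']}: {f['issue']}")
```

A presence check would pass `students` and `submissions` because RLS is enabled and a policy exists; only reading the policy text shows that `USING (true)` and `WITH CHECK (true)` hand every row to the anon key.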
Cybercriminals eyed Lovable too. August 2025: Proofpoint flagged MFA phishers, malware loaders using it for phishing kits, wallet drainers. Platform added AI guards, scans. But speed trumps scrutiny in vibe-coding.
Sifted noted the irony: Lovable staff pulled an all-nighter on a product update amid Anthropic rivalry rumors, and the company had partnered with Aikido for pentests just days earlier. Yet here we are.
Economic Times echoed: Code public by design. Chats? Fixed. But trust? Shaken.
Researchers demand audits. Users should check project visibility now; private by default helps. Enterprise is safe-ish. Free tier? Scan old projects. Rotate keys anyway: anything pasted into a chat that was ever public should be treated as already copied.
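For the ‘scan old projects’ step, as an added example that is not Lovable’s tooling: a pass over an exported chat transcript that flags credential-shaped strings so the owner knows what to rotate. The transcript lines are constructed; the patterns are public key formats (Stripe secret keys, AWS access key IDs, JWTs, Postgres URLs with an embedded password) plus a loose ‘name = value’ catch-all. The JWT payload is decoded to tell a Supabase `service_role` key, which bypasses RLS, from an `anon` key; the claim name `role` and the helper that builds a fake token are assumptions for the sample.

```python
"""
Added example, not Lovable's tooling. Flags credential-shaped strings in a
chat export so they can be rotated. Sample transcript and tokens are
constructed; no real credentials appear here.
"""
from __future__ import annotations

import base64
import json
import re
from dataclasses import dataclass

# Specific formats first; the generic catch-all last so duplicates are dropped.
PATTERNS = {
    "stripe_secret_key": re.compile(r"\bsk_(?:live|test)_[0-9A-Za-z]{16,}"),
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "jwt": re.compile(r"\beyJ[A-Za-z0-9_-]{10,}\.[A-Za-z0-9_-]{10,}\.[A-Za-z0-9_-]{10,}"),
    "postgres_url_with_password": re.compile(r"\bpostgres(?:ql)?://[^:\s/]+:[^@\s]+@[^\s]+"),
    "generic_assignment": re.compile(
        r"(?i)(?:api[_-]?key|secret|password|token|key)\s*[=:]\s*['\"]?([^\s'\"]{8,})"),
}


@dataclass(frozen=True)
class Finding:
    line_no: int
    kind: str
    redacted: str            # enough to recognise the secret, not enough to use it


def _redact(secret: str) -> str:
    return secret[:8] + "*" * 8


def _jwt_role(token: str) -> str | None:
    """Read the 'role' claim from a JWT payload without verifying the signature.
    Assumption: Supabase keys carry role=anon or role=service_role."""
    try:
        payload = token.split(".")[1]
        payload += "=" * (-len(payload) % 4)          # restore base64url padding
        return json.loads(base64.urlsafe_b64decode(payload)).get("role")
    except (ValueError, IndexError, AttributeError):
        return None


def scan(lines: list[str]) -> list[Finding]:
    """Return one finding per distinct secret-looking string per line."""
    findings = []
    for line_no, line in enumerate(lines, 1):
        seen: set[str] = set()
        for kind, rx in PATTERNS.items():
            for m in rx.finditer(line):
                secret = m.group(1) if m.groups() else m.group(0)
                if secret in seen:      # already caught by a more specific pattern
                    continue
                seen.add(secret)
                label = kind
                if kind == "jwt":
                    role = _jwt_role(secret)
                    if role == "service_role":
                        label = "supabase_service_role_jwt"   # bypasses RLS: rotate first
                    elif role == "anon":
                        label = "supabase_anon_jwt"
                findings.append(Finding(line_no, label, _redact(secret)))
    return findings


def _fake_supabase_jwt(role: str) -> str:
    """Build a JWT-shaped string with a Supabase-style payload. Constructed test
    data: the signature is junk and the token validates nowhere."""
    def b64(obj: dict) -> str:
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).decode().rstrip("=")
    header = b64({"alg": "HS256", "typ": "JWT"})
    payload = b64({"iss": "supabase", "ref": "abcdefghij", "role": role})
    return f"{header}.{payload}.{'x' * 43}"


# Constructed transcript: the kind of context people paste into a build chat.
SAMPLE_CHAT = [
    "user: here is my env so you can wire up billing",
    "user: STRIPE_SECRET_KEY=sk_live_" + "A1b2" * 6,
    "user: SUPABASE_SERVICE_ROLE_KEY=" + _fake_supabase_jwt("service_role"),
    "user: DATABASE_URL=postgresql://postgres:hunter2@db.example.invalid:5432/postgres",
    "assistant: I've added the Stripe webhook handler. Remember not to commit .env.",
    "user: thanks, also the deploy user is AKIAEXAMPLEEXAMPLE12",
    "user: can you make the login button blue",
]

if __name__ == "__main__":
    for f in scan(SAMPLE_CHAT):
        print(f"line {f.line_no}: {f.kind} {f.redacted}")
```

Every hit is a rotation task, not a deletion task: editing the secret out of the chat does nothing about copies already fetched while the project was public, and a `service_role` key in particular should be rotated before anything else because it ignores every RLS policy.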
Lovable’s hype machine rolls on. $400M+ ARR whispers. But this exposes the vibe-coding trap. AI builds fast. Humans secure slow. Public by default? Fine for READMEs. Deadly for chats with Stripe IDs.
Industry watches. Will Lovable own it fully? Or blame docs forever? Developers decide with their feet—and their data.


WebProNews is an iEntry Publication