Brief IA

Lovable denies data breach but admits to errors

💻 Code & Dev·Tom Levy·

Lovable denies data breach but admits to errors

Lovable denies data breach but admits to errors
Key Takeaways
1Lovable, a Swedish startup, denies a data breach following accusations of exposing user information.
2An anonymous user claims to have accessed other customers' data, posting evidence on X.
3Lovable admits to unclear communication regarding data visibility but assures that public projects are no longer accessible.
💡Why it mattersUser trust in Lovable could be shaken, impacting its reputation and future growth.
Le brief IA que lisent les pros

Le brief IA que les pros lisent chaque soir

Les 7 actus IA du jour, décryptées en 5 min. Gratuit.

Inclus dès l'inscription : notre sélection des meilleurs guides & comparatifs IA.

Choisis ton rythme

Gratuit · Pas de spam · Désabonnement en 1 clic

📄
Full Analysis

Lovable Faces Data Leak Accusations

The Swedish startup Lovable, specializing in vibe-coding, has recently found itself at the center of a controversy regarding a potential data leak. Online posts have claimed that chat histories and personal information of users were exposed. An anonymous user stated on X that they were able to access information from other clients after creating a free account.

This user specified that "every conversation with Lovable's AI is stored and readable," adding that the issue had been reported 48 days ago without a fix. The bug was marked as a duplicate and left open. The post quickly gained traction, reaching over 500,000 views.

Lovable's Response

In response, Lovable denied any data breach but acknowledged a lack of clarity in its communication regarding how user data could be accessed. "To be clear: we have not suffered a data breach," the company stated on X. They admitted that their documentation on the meaning of "public" was vague.

Founded in 2024, Lovable allows users to create applications and websites without coding skills and has raised over $500 million in funding from investors such as Accel, Creandum, 20VC, and EQT. The user behind the accusations claimed to have downloaded the source code of a website and accessed personal information such as email addresses and birth dates. Screenshots shared by the user on X appear to confirm the data exposure.

Corrective Measures

Lovable clarified that chat messages between users with public projects were visible, but this is no longer the case. As of May 25, 2025, the option to set visibility to public for new projects has been disabled for enterprise clients.

The company also announced a partnership with Aikido to provide penetration testing, enhancing the security of applications and websites created through Lovable. These measures come as Lovable rolls out a product update, amid increasing competition from Anthropic.

Lovable issued an additional statement indicating that their initial response did not adequately address the error. Platform staff worked overnight to deploy this update, as evidence emerged last week suggesting that the American AI giant Anthropic was building a competitor to its core offering.

Brief IA — L'actualité IA en français

L'essentiel de l'actualité de l'intelligence artificielle, décrypté et expliqué chaque jour.