Companies Are Discovering a Grim Problem With "Vibe Coding"
Briefly

Lovable, a popular app for building websites with AI, is facing significant cybersecurity issues due to an unresolved flaw that allows unauthorized access to user data, including sensitive information. A report revealed that many Lovable-generated apps suffer from this critical security issue, raising alarm among users and experts. Lovable introduced a security scanner, but it does not adequately address the vulnerabilities. In notable incidents, users gained unauthorized access to personal information in under an hour, prompting experts to warn against trusting such platforms with personal data. Users have grown increasingly concerned about the lack of remediation or notification from Lovable.
Lovable later introduced a 'security scanner,' but it merely checks for the existence of any [row level security] policy, not its correctness or alignment with application logic.
This isn't a breach story (I reported it), this is a wake-up call. Be cautious which 'vibe coder' you trust with your personal data.
Read at Futurism
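The gap the first quote describes, as an added example that is not from the report or from Lovable: a policy can exist and still protect nothing. It assumes PostgreSQL row level security; the `profiles` table, its columns and the policy names are hypothetical.

```sql
-- Hypothetical table holding per-user data (constructed for this example).
CREATE TABLE profiles (
    id    bigint PRIMARY KEY,
    owner text   NOT NULL,   -- database role that owns the row
    email text   NOT NULL
);

ALTER TABLE profiles ENABLE ROW LEVEL SECURITY;

-- Weak setting: a policy exists, so an existence-only check passes,
-- yet the predicate is always true and every row stays readable.
CREATE POLICY profiles_read_all ON profiles
    FOR SELECT
    USING (true);

-- Corrected setting: remove the always-true policy first. Permissive
-- policies are combined with OR, so leaving it in place would keep
-- all rows visible no matter what else is added.
DROP POLICY profiles_read_all ON profiles;

CREATE POLICY profiles_read_own ON profiles
    FOR SELECT
    USING (owner = current_user);

-- Review query 1: tables in the public schema with RLS switched off.
SELECT c.relname AS table_without_rls
FROM pg_class c
JOIN pg_namespace n ON n.oid = c.relnamespace
WHERE n.nspname = 'public'
  AND c.relkind = 'r'
  AND NOT c.relrowsecurity;

-- Review query 2: policies whose predicate is the literal "true".
-- This catches only the most obvious case; whether a non-trivial
-- predicate matches the application's logic still needs a human review.
SELECT schemaname, tablename, policyname, cmd, qual, with_check
FROM pg_policies
WHERE qual = 'true'
   OR with_check = 'true';
```

Table owners bypass row level security unless `ALTER TABLE ... FORCE ROW LEVEL SECURITY` is set, so test policies from the role the application actually connects as.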