"Nvidia, Microsoft, Uber, and Spotify employees all have accounts. The bug was reported 48 days ago. It's not fixed. They marked it as duplicate and left it open."
"Unfortunately, in February, while unifying permissions in our backend, we accidentally re-enabled access to chats on public projects. Upon learning this, we immediately reverted the change to make all public projects' chats private again."
"This incident is another unfortunate example of lacking secure defaults and a failure to threat model for the automated and AI age."
Lovable faced a significant security issue when a user reported a mass data breach affecting all projects created before November 2025. The breach allegedly allowed access to user code, AI chat histories, and customer data. Lovable initially denied the breach, stating that public project visibility was intentional. After backlash, the company acknowledged a security error that re-enabled access to chats on public projects. They reverted the change and emphasized the importance of secure defaults in the AI age, while some users appreciated their transparency.
Read at www.businessinsider.com