Lovable denies data breach, says public settings are ‘intentional’
Lovable data breach: Stockholm-based AI app-building platform Lovable said it did not suffer a data breach after concerns surfaced over the visibility of chat messages and code in projects set to public.
By ETtech | Updated:
ETtech
Stockholm-based AI app-building platform Lovable said it did not suffer a data breach after concerns surfaced over the visibility of chat messages and code in projects set to public.
The startup acknowledged that its documentation around what “public” meant had been unclear.
In a statement posted on X on Monday, the company said it had been “made aware of concerns regarding the visibility of chat messages and code on Lovable projects with public visibility settings.” It added that the issue stemmed from unclear documentation rather than a security breach.
The statement follows disclosures by a researcher posting under the handle “impulsive” (@weezerOSINT), who went public with the issue after reporting it to the company more than six weeks ago.
In a series of posts on X, the researcher said he was able to access another developer’s active project, including its full source code, database credentials, customer records, AI chat histories and related data.
Lovable issues clarification on data breach
In response, Lovable said chat messages in public projects “used to be visible,” but added that this is “now no longer possible.”
The company drew a distinction between chat history and code, saying the visibility of code in public projects was intentional and consistent with the product’s design. It added that while it had experimented with different ways of surfacing build history, the core behaviour around code access had remained unchanged.
Lovable, founded in 2023, raised $330 million last December at a $6.6 billion valuation, according to a Reuters report.
The startup acknowledged that its documentation around what “public” meant had been unclear.
In a statement posted on X on Monday, the company said it had been “made aware of concerns regarding the visibility of chat messages and code on Lovable projects with public visibility settings.” It added that the issue stemmed from unclear documentation rather than a security breach.
The statement follows disclosures by a researcher posting under the handle “impulsive” (@weezerOSINT), who went public with the issue after reporting it to the company more than six weeks ago.
In a series of posts on X, the researcher said he was able to access another developer’s active project, including its full source code, database credentials, customer records, AI chat histories and related data.
ADVERTISEMENT
“This is not hacking,” the researcher wrote. “This is five API calls from a free account.”Lovable issues clarification on data breach
In response, Lovable said chat messages in public projects “used to be visible,” but added that this is “now no longer possible.”
The company drew a distinction between chat history and code, saying the visibility of code in public projects was intentional and consistent with the product’s design. It added that while it had experimented with different ways of surfacing build history, the core behaviour around code access had remained unchanged.
ADVERTISEMENT
The company also stated that enterprise customers have not been able to set new projects to public since May 25, 2025.Lovable, founded in 2023, raised $330 million last December at a $6.6 billion valuation, according to a Reuters report.
Download
The Economic Times Business News App for the Latest News in Business, Sensex, Stock Market Updates & More.
The Economic Times Business News App for the Latest News in Business, Sensex, Stock Market Updates & More.
Download
The Economic Times News App for Quarterly Results, Latest News in ITR, Business, Share Market, Live Sensex News & More.
The Economic Times News App for Quarterly Results, Latest News in ITR, Business, Share Market, Live Sensex News & More.
ADVERTISEMENT
