Vibe coding upstart Lovable denies data leak, cites 'intentional behavior,' then throws HackerOne under the bus
Summary
Vibe-coding platform Lovable is denying a data leak reported by a researcher, initially attributing the exposure of user credentials, chat history, and source code to "intentional behavior." After then claiming the issue was due to "unclear documentation," the company shifted blame to its bug-bounty service, HackerOne.
IFF Assessment
This is bad news for defenders as it highlights a company's poor response to a vulnerability, potentially leaving user data exposed and fostering distrust in security reporting mechanisms.
Defender Context
This incident serves as a cautionary tale for defenders regarding the importance of a transparent and responsible disclosure process. It underscores the need for organizations to have robust incident response plans and to avoid deflecting blame when security flaws are identified.