Lovable Denies Data Breach After User Exposes Security Flaw in AI Coding Platform Swedish no-code startup Lovable has refuted claims of a mass data breach after an anonymous user alleged that sensitive user information including chat histories, emails, names, and dates of birth was accessible through a security flaw. The incident surfaced on X (formerly Twitter) when the user demonstrated how they could view and download other customers’ project data, including full chat logs and website source code, simply by creating a free account. The user, who reported the bug 48 days prior, claimed Lovable had marked the issue as a duplicate and left it unresolved. Their post, viewed over 500,000 times by 6 PM BST, included screenshots appearing to confirm the exposure. Lovable responded hours later, denying a breach but acknowledging poor communication about data visibility settings. The company stated that while public project chats were once visible, this functionality had since been disabled though only for enterprise customers as of May 25, 2025. Founded in 2024, Lovable enables users to build apps and websites without coding, backed by $500 million in funding from investors like Accel, Creandum, and EQT. The incident coincides with the company’s recent partnership with security firm Aikido to offer penetration testing for user-built applications, as well as internal pressure to accelerate product updates amid reports that rival Anthropic is developing a competing tool.