Lovable Left Thousands of Projects Exposed for 48 Days — And Still Hasn't Fixed It

Lovable.dev's unfixed BOLA vulnerability lets any free account access other users' source code, database credentials, and AI chat histories.

Lovable Data Leak

The vibe-coding platform Lovable.dev is sitting on a ticking data exposure bomb — and it's been ticking for 48 days.

A security researcher going by @weezerOSINT published a thread on X today revealing that a critical Broken Object Level Authorization (BOLA) flaw in Lovable's API allows any free account — created in minutes — to access the source code, database credentials, AI chat histories, and customer data belonging to other users.

The vulnerability affects every project created before November 2025, potentially exposing tens of thousands of developers and their end users.

BOLA — ranked #1 on OWASP's API Security Top 10 — occurs when an API verifies that a user is logged in, but doesn't check whether that user actually owns the resource they're requesting. In Lovable's case, the /projects/{id}/* endpoints verify Firebase authentication tokens but skip ownership checks entirely. That single gap is enough to bring the entire platform's project history within reach of anyone with a free account.
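As an added illustration of the gap described above (example code, not Lovable's own): a minimal project handler that authenticates but never checks ownership, beside the fixed version, plus a log sweep a defender could run to find past cross-tenant reads. The token verifier is a stand-in for Firebase's verifyIdToken(), and the project data and log entries are constructed.

```javascript
// Added example, not Lovable's code: a minimal /projects/{id} handler showing
// the BOLA gap (auth check without ownership check) next to its fix, plus a
// log sweep a defender could run to spot successful cross-tenant reads.

// Constructed sample data: two owners, two projects.
const PROJECTS = new Map([
  ['proj-100', { ownerId: 'user-alice', source: 'SUPABASE_KEY="redacted-a"' }],
  ['proj-200', { ownerId: 'user-bob',   source: 'SUPABASE_KEY="redacted-b"' }],
]);

// Stand-in for Firebase Admin's verifyIdToken() (assumption: a valid token
// has the shape "valid:<uid>"; a real service verifies the signed JWT).
function verifyIdToken(token) {
  if (typeof token !== 'string' || !token.startsWith('valid:')) return null;
  return { uid: token.slice('valid:'.length) };
}

// BEFORE: the caller must be logged in, but any caller gets any project.
function getProjectVulnerable(token, projectId) {
  const user = verifyIdToken(token);
  if (!user) return { status: 401 };
  const project = PROJECTS.get(projectId);
  if (!project) return { status: 404 };
  return { status: 200, body: project };
}

// AFTER: object-level authorization. The project's owner must match the
// authenticated uid; a mismatch is refused (403, as the article reports for
// post-fix projects; returning 404 instead would also hide which ids exist).
function getProjectFixed(token, projectId) {
  const user = verifyIdToken(token);
  if (!user) return { status: 401 };
  const project = PROJECTS.get(projectId);
  if (!project) return { status: 404 };
  if (project.ownerId !== user.uid) return { status: 403 };
  return { status: 200, body: project };
}

// Retroactive detection: given access-log entries {uid, projectId, status},
// return the successful reads where the caller did not own the project.
// Entries are constructed; a real sweep would read the API gateway's logs.
function findCrossTenantReads(entries) {
  return entries.filter(e => {
    const project = PROJECTS.get(e.projectId);
    return e.status === 200 && project && project.ownerId !== e.uid;
  });
}
```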

The researcher demonstrated just how severe this is by accessing an active admin panel for Connected Women in AI, a Danish nonprofit with over 3,700 developer edits in 2026 alone — clearly not abandoned.

From there, the source code revealed hardcoded Supabase credentials, which were used to query the live database and pull real names, job titles, LinkedIn profiles, and Stripe customer IDs belonging to real professionals from Accenture Denmark and Copenhagen Business School. "This is not hacking. This is five API calls from a free account."

The damage doesn't stop at source code. Because Lovable stores the full AI conversation history tied to each project, an attacker can read every prompt a developer ever sent — including pasted error logs, business logic discussions, and credentials shared mid-session. In one retrieved chat, a developer had walked Lovable's AI through building database tables containing email, date_of_birth, stripe_customer_id, and more. All of it, readable.

The bug was first reported on HackerOne on March 3, 2026 — 48 days ago. Lovable triaged it. Then they shipped ownership checks for new projects and quietly left every pre-existing project wide open.

When the researcher filed a second report documenting additional affected endpoints, Lovable marked it a duplicate and closed it. As of today, a project created in April 2026 returns 403 Forbidden.

Lovable's response was characterized as "sophisticated" in some circles, but the researcher's findings suggest the opposite: the company chose to protect new users and simply abandoned everyone who already built on the platform.

Yesterday, Vercel disclosed its own security incident. Vercel traced the intrusion to Context.ai, a third-party AI tool used by an employee, where a compromised Google Workspace OAuth connection allowed attackers to escalate access into Vercel's internal environments.

A threat actor using the ShinyHunters name subsequently listed stolen Vercel data — reportedly including API keys, source code, and employee records — for sale on BreachForums for $2 million. As Cyber Kendra reported, Vercel has engaged incident response experts and notified law enforcement, warning the breach may affect hundreds of users across many organizations.

Taken together, both incidents point to a broader structural problem in AI-assisted development platforms: security is bolted on after the fact, if at all.

Security firm Symbiotic put it bluntly: "Telling developers to review security before publishing doesn't work when those developers chose AI tools because they're not security experts."

What Lovable users should do right now:

  • Rotate all database credentials immediately, especially Supabase API keys embedded in your project source.
  • Audit your AI chat history for any credentials, API keys, or sensitive data you may have pasted mid-session.
  • Set projects to private where possible — though as the researcher notes, free-tier users cannot do this on Lovable.
  • Assume your pre-November 2025 project source code is already public and act accordingly.

Lovable has not issued a public statement as of this writing. Affected developers are advised not to wait for one.
