Vibe coding upstart Lovable denies data leak, cites 'intentional behavior,' then throws HackerOne under the bus

A lesson in how not to respond to vulnerability reports

Vibe-coding platform Lovable is pooh-poohing a researcher’s finding that anyone could open a free account on the service and read other users' sensitive info, including credentials, chat history, and source code. However, the company’s story keeps changing: First it attributed the publicly exposed info to "intentional behavior" and "unclear documentation," then threw bug-bounty service HackerOne under the bus.…