Feed: Slashdot
Feed Link: https://slashdot.org/
---

Title: The Hottest New Vibe Coding Startup May Be a Sitting Duck For Hackers

Link: https://it.slashdot.org/story/25/05/30/181024...

Lovable, a Swedish startup that allows users to create websites and apps
through natural language prompts, failed to address a critical security
vulnerability for months after being notified, according to a new report. A
study by Replit employees found that 170 of 1,645 Lovable-created
applications exposed sensitive user information including names, email
addresses, financial data, and API keys that could allow hackers to run up
charges on customers' accounts. The vulnerability, published this week in the
National Vulnerabilities Database, stems from misconfigured Supabase
databases that Lovable's AI-generated code connects to for storing user data.
Despite being alerted to the problem in March, Lovable initially dismissed
concerns and only later implemented a limited security scan that checks
whether database access controls are enabled but cannot determine if they are
properly configured.

Read more of this story at Slashdot.

---
VRSS v2.1.180528