Vibe coding service Lovable accused of hosting malware-ridden apps exposing thousands of users — it says they should take more care
A security researcher found that one app showcased on vibe coding platform Lovable exposed over 18,000 user records — including teachers and students — through a simple logic error that inverted access controls, letting anyone view data, delete accounts, and change grades without logging in. A broader scan of 1,645 Lovable-built apps found 170 with critical flaws. The researcher coined the term "vibe hacking" to describe how even low-skill attackers can exploit AI-generated code that defaults to functionality over security. Lovable says it offers free security scans before publishing, but admits it's up to developers whether to act on them.