"Tea" app - user database leaked today (incl. drivers license & IDs). Daily reminder not to give your ID to online services [THEY DO NOT PROTECT YOUR INFORMATION]
Technology
95
Beiträge
63
Kommentatoren
709
Aufrufe
-
yes devs are either super green or even mostly AI
Solely blaming the devs tells me you have no experience with Firebase security
No I don't but if the firebase sucks isn't it devs job to be knowing this? They might have warned their supervisors and simply disregarded, that is also another possibility in which case the blame obviously goes to higher up not the devs.
-
That's exactly what hacking is.
'90s hacking movies may have given you a different idea of what cybersecurity looks like, but this is what the real world is like
Also, Google deserves a scolding here. Firebase's default configuration is absolutely atrocious. One of the few critical vulnerabilities I've seen where the system is working as intended. Dubbed the hospital gown vuknerability because they leave the backend wide open by default
I mean this is just writing a script to access a public database, this is not even exploiting a code vulnerability. So there is an area between digital number waterfalls on the screen and accessing a public database which I would consider more of hacking.
-
Any government already has all of that information, so, no.
By giving it to a company, you just increase the risks of info leakage.
I assume OP actually meant the additional info the government can get from where I authenticate with my goverment ID to a company.
Hypothecial situation: You wanna buy a sex toy.
If the goverment does store where and what you buy, they could punish you by withholding services.
And they might not say why and give a bs excuse or send you on a goose hunt to do more paperwork.
You can suspect that but probably never proof that it was the case. -
That's exactly what hacking is.
'90s hacking movies may have given you a different idea of what cybersecurity looks like, but this is what the real world is like
Also, Google deserves a scolding here. Firebase's default configuration is absolutely atrocious. One of the few critical vulnerabilities I've seen where the system is working as intended. Dubbed the hospital gown vuknerability because they leave the backend wide open by default
Firebase's default configuration
I'm going to get on my grumpy old man soapbox. I understand making things idiot proof for end users. End users are idiots. But do we have to make things super safe for developers now too? Do we want to add a warning to rm so we don't accidentally remove the wrong directory?
Any developer who doesn't know to check permissions and accessibility on their database deserves to have their AI vibe coding bot taken away.
-
Nice site you got there! Made from scratch or using some service/app?
Thanks. Built from scratch.
-
Remember the UK new safety law.
https://techcrunch.com/2025/07/15/reddit-rolls-out-age-verification-in-the-uk-to-comply-with-new-rules/
Women Dating Safety App 'Tea' Breached, Users' IDs Posted to 4chan
“DRIVERS LICENSES AND FACE PICS! GET THE FUCK IN HERE BEFORE THEY SHUT IT DOWN!” the thread read before being deleted.
404 Media (www.404media.co)
I understand the reasoning for the public intent of the app and would generally support it within reason cause society right now amirite.. but its not so subtle real world application has now leaked a DB of catty women for whom the majority ALSO show massive red flags. This isn't a sexist men vs women critique, if there was an app for men to rate women and dox them I'd feel the same way. Love it when shitty people bamboozle themselves.
-
Just goes to show how lost you are in your feminist supremacy bubble, that even leftist spaces like lemmy think this thing is creepy.
This already happened in my country, Secret was an app that got huge while I was finishing high school, an anonymous platform for people to confess private stuff, it rapidly became bully culture and libel central.
Alright, but none of that was really relevant to this comment. Why are you soapboxing on it?
-
Oh yes the famous state of Colorado UK.
UK driving licences do not look like that, they don't have US states on them (major clue), are green, and if the person in the photo actually looks like a living human and not corpse, it gets sent back as unacceptable.
Actually UK licenses are pink. Provisionals are green
-
I can't wait till I read a similar article about porn sites; especially one where the doxxed individuals are politicians.
I mean, we kinda already ended up there with the Ashley Madison hack in 2015. Problems with that site aside, I feel like it's kinda the blueprint for everything wrong with companies that retain personally identifable info on folks. If a company collects details like your driver's license, it's not a question of if it gets out but when. There's just no way to collect that sort of data and truly keep it safe.
But, it seems like we've kinda forgotten how to learn lessons in the modern day, so I'm sure this was an isolated issue and we'll never see it's like again.
(/s on that last part, just in case that wasn't blindingly obvious.)
-
Remember the UK new safety law.
https://techcrunch.com/2025/07/15/reddit-rolls-out-age-verification-in-the-uk-to-comply-with-new-rules/
Women Dating Safety App 'Tea' Breached, Users' IDs Posted to 4chan
“DRIVERS LICENSES AND FACE PICS! GET THE FUCK IN HERE BEFORE THEY SHUT IT DOWN!” the thread read before being deleted.
404 Media (www.404media.co)
What use is American personal info to a German anon?
-
I understand the reasoning for the public intent of the app and would generally support it within reason cause society right now amirite.. but its not so subtle real world application has now leaked a DB of catty women for whom the majority ALSO show massive red flags. This isn't a sexist men vs women critique, if there was an app for men to rate women and dox them I'd feel the same way. Love it when shitty people bamboozle themselves.
I mean it's even in the app name that it's not about protecting women and keeping them safe, it's literally about "spilling the tea" aka gossip. It's pretty gross and can be used for nonconsenual sharing of images and even slander too since there's no way to know if what someone is writing on there about someone is true or not.
-
What's the alternative to warning strangers about predators?
What about people who don't use this app, do they not deserve to be protected, do they deserve to suffer because they didn't use this app?
Let's be real, this app is about gossip, it's not about protecting women and keeping them safe, it's literally in the name it's about "spilling the tea" aka gossip.
-
The drivers license thing is likely due to a law passed by the UK a few days ago requires all mature content to be behind an age check. And not a "Are you 18: Yes / No", more like "we will check using ID and photos of you".
It's the most hated piece of legislation in a while, with already 100 000 petition votes in 3 days to repeal it.
Almost 250k petition votes now, 150k more votes in the past day alone.
-
What's the alternative to warning strangers about predators?
I hear that, I just don't think this is the way to go about it. Digital reputation system that lives on some corporate dataset is just ripe for terrible problems. It's terrible for everyone's privacy when we normalize this shit.
-
Alright, but none of that was really relevant to this comment. Why are you soapboxing on it?
You sort of started it with your comment. I don't want to be around people that feel the need to document everything on a website. Please inform those around you so they can decide to opt out.
-
Remember the UK new safety law.
https://techcrunch.com/2025/07/15/reddit-rolls-out-age-verification-in-the-uk-to-comply-with-new-rules/
Women Dating Safety App 'Tea' Breached, Users' IDs Posted to 4chan
“DRIVERS LICENSES AND FACE PICS! GET THE FUCK IN HERE BEFORE THEY SHUT IT DOWN!” the thread read before being deleted.
404 Media (www.404media.co)
It was literally just a gossip site.
Glad it got what it deserved, even if 4channers suck.
The male version of this got shut down too. -
Yes, trying to warn other women about a man you dated who abused you or gave off weird vibes is definitely the same as getting your nudes or porn video of yourself leaked against your will onto the public internet for everyone to see
Oh hey look, the straw man is waving at you
-
What use is American personal info to a German anon?
Congrats, dumbest take you could have on this.
-
Remember the UK new safety law.
https://techcrunch.com/2025/07/15/reddit-rolls-out-age-verification-in-the-uk-to-comply-with-new-rules/
Women Dating Safety App 'Tea' Breached, Users' IDs Posted to 4chan
“DRIVERS LICENSES AND FACE PICS! GET THE FUCK IN HERE BEFORE THEY SHUT IT DOWN!” the thread read before being deleted.
404 Media (www.404media.co)
A public S3 bucket? Whoever used the app should start a class action lawsuit, this is beyond misconduct.
-
A public S3 bucket? Whoever used the app should start a class action lawsuit, this is beyond misconduct.
Imagine the other gaping security holes in this thing if storing all the data on a public s3 bucket flew under the radar until after release.
