Tea App A Second Tea Breach Reveals Users’ DMs About Abortions and Cheating
-
This sounds like victim-blaming. This website didn't even secure their database with a password. Come on. I'm sure their privacy policy gave the standard promises about storing their private data in a secure way, which they did not do.
I'm sure their privacy policy gave the standard promises about storing their private data in a secure way, which they did not do.
Their ToS can be found here. Section G of their Limitation of Liability tries to shield them from liability against data breaches. But if they were criminally negligent, the ToS won’t protect them. The Data Protection section basically just says “check our Privacy Policy for info on what we collect”, which is pretty standard fare for a ToS.
The Security section of their Privacy Policy is also extremely boilerplate. Here’s the entire thing:
Security of Your Personal Information
The security of your Personal Information is important to us. When you enter sensitive information (such as credit card number) on our Services, we encrypt that information using secure socket layer technology (SSL).
Tea Dating Advice takes reasonable security measures to protect your Personal Information to prevent loss, misuse, unauthorized access, disclosure, alteration, and destruction. Please be aware, however, that despite our efforts, no security measures are impenetrable.
If you use a password on the Services, you are responsible for keeping it confidential. Do not share it with any other person. If you believe your password has been misused, please notify us immediately.
This one particular sentence may end up burning them though:
Tea Dating Advice takes reasonable security measures to protect your Personal Information to prevent loss, misuse, unauthorized access, disclosure, alteration, and destruction.
I think most people (and the courts) would agree that putting a password on your database is a reasonable security measure that would be expected per this Privacy Policy. Especially since their next sentence goes on to elucidate that users should keep their passwords confidential.
-
I’d say it’s not fine in a test environment, because then your test env S3 bucket is publicly available.
Yeah I could see it being left like this for an hour or so while someone finds out what the actual security configurations are supposed to be, during which time it wouldn't have any data in it. But to leave it like this for any period of time is ridiculous and to release it like this is criminal.
-
I don’t even think you can do this via the API
Someone never heard of terraform & similar configuration management software?
They enable configuration as code, which can be vibe coded.
Practically anything online can be configured via API, especially cloud services.
I'm pretty certain you would still get the constant emails though. I don't think there's a way to turn those off other than to secure the bucket.
Anyway I still maintain that an AI wouldn't have made this mistake so the fact the mistake was made kind of implies that it wasn't vibe coded.
-
Tea app leak worsens with second database exposing user chats
The Tea app data breach has grown into an even larger leak, with the stolen data now shared on hacking forums and a second database discovered that allegedly contains 1.1 million private messages exchanged between the app's members.
BleepingComputer (www.bleepingcomputer.com)
What is/was the Tea app actually like? - r/AskWomen
View on Redlib, an alternative private front-end to Reddit.
(redlib.orangenet.cc)
This is why age verification is dangerous.
If a company can just forget to delete your ID picture, it will happen...
-
I guess if you think "This dude acts kinda rapey" qualifies as "personal information".
for "this dude" to have any meaning to anyone, there needs to be a name attached at the very least.
that alone is personal information.
personal information is any information that can be used to uniquely identify a natural person.
this app was nothing but personal information being deliberately spread without the person's consent.
man am i glad this sort of bullshit isn't even up for discussion in the EU...what an absolute nightmare for privacy...
-
How are you defining "doxing" here?
Its traditional definition works fine for this.
Just because women are doing it doesn't make it right.
-
Everyone is talking about the poor security practices, which is fair. Or they are talking about the appropriateness of such an app existing, which is also fair.
But the immediate takeaway should be, especially in today’s political environment, that we cannot and should not trust sensitive data that leaves our device, particularly if you are of any kind of non-privileged group.
And also men are vicious trash goblins.
-
Sir, a second plane.meme
-
Don't want your information on the internet? don't upload it to anyone on or over the internet, it really is a fucking simple concept.
And live in a cave!
It would be nice if also they secured data too.
-
Don't want your information on the internet? don't upload it to anyone on or over the internet, it really is a fucking simple concept.
don't upload it to the internet!
or use a smart phone
or corporate searches that track you
or go to any website with ads - they track you
hell don't even search the internet! your ISP tracks dns requests
or use a modern tv that tracks what is on your screen
or you can do custom phone rom - just unlock the bootloader, root it, and install! then just set up pihole/adguard/self-host everything
it's simple, for privacy just go live in a yurt in the woods to not be tracked 24/7
-
Yeah I could see it being left like this for an hour or so while someone finds out what the actual security configurations are supposed to be, during which time it wouldn't have any data in it. But to leave it like this for any period of time is ridiculous and to release it like this is criminal.
I’m sorry, no - this is something you just simply don’t do.
Source: most of my career
-
I never thought there would be a dating intel war going on and this is the second time too.
-
And also men are vicious trash goblins.
You’re not adding much to the “this app is appropriate” argument.
-
Its traditional definition works fine for this.
Just because women are doing it doesn't make it right.
So, they're compiling and publicly releasing the personally identifying information of someone in order to facilitate stalking, intimidation or extortion? That's not what I'd heard the app was used for.
-
You’re not adding much to the “this app is appropriate” argument.
Well the point of the app was to identify the small percentage of men who do most rape and stuff, and even if the law wouldn't stop them, help potential victims avoid them, so as to not have to be guarded around every man one meets like he's a potential vicious rape monster, because some just are.
I'm saying all men are garbage, and the fundamental premise that you can under any conditions act like any number of men are human is foolish and likely to get you hurt. Which I think this situation shows.
-
Well the point of the app was to identify the small percentage of men who do most rape and stuff, and even if the law wouldn't stop them, help potential victims avoid them, so as to not have to be guarded around every man one meets like he's a potential vicious rape monster, because some just are.
I'm saying all men are garbage, and the fundamental premise that you can under any conditions act like any number of men are human is foolish and likely to get you hurt. Which I think this situation shows.
I don’t think anyone questions the “point” of the app. But the devil, as they say, is in the details.
-
I don’t think anyone questions the “point” of the app. But the devil, as they say, is in the details.
Yeah. That all men are trash; avoiding the bad ones just leaves you with Fred Rogers and probably a second one at some point idk.
-
I was today years old when I learned that Ashley Madison is still in operation
There's money in extortion, who knew!
-
On the one hand, sucks that a leak like this even happens anymore, no one deserves to be doxxed like that. On the other hand, I struggle to feel bad for the users of the doxxing app getting doxxed in return...
-
There are no private spaces online, your privacy is at the whim of whoever owns the servers and whatever government controls them.
Unless you're using end to end encrypted communication with people you know and trust you should assume that everything you do online has your actual name and face attached to it.
I do agree that it sucks.
There should be laws, with criminal consequences, that protect our privacy but essentially every government is of the opinion that actual privacy should never exist online because they think it's better to sacrifice everyone's privacy than to let a single criminal go undetected.
This is why you see all Western governments simultaneously running "think of the children" campaigns as they slowly maneuver the Internet into requiring every device be identifiable and linked to a person.
This is why the end-to-end encrypted communication providers are also being pressured right now. Because systems built using encryption to enforce the rules are actually private.
Governments know this, as they heavily rely on encrypted communication systems. They just don't want anybody else to have that privilege.
There are no private spaces online,
your privacy is at the whim of whoever owns the servers
Which is it? It logically can't be both. I own at least a dozen servers.