this post was submitted on 25 Jul 2025
567 points (98.3% liked)

Technology

73232 readers
4264 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related news or articles.
  3. Be excellent to each other!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
  9. Check for duplicates before posting, duplicates may be removed
  10. Accounts 7 days and younger will have their posts automatically removed.

Approved Bots

founded 2 years ago
MODERATORS
L3s@lemmy.world
enu@lemmy.world
technopagan@lemmy.world
L4s@lemmy.world
L3s@hackingne.ws
L4s@hackingne.ws
567
Women Dating Safety App 'Tea' Breached, Users' IDs Posted to 4chan (www.404media.co)
submitted 1 day ago by bytesonbike@discuss.online to c/technology@lemmy.world
179 comments fedilink hide all child comments
 

Users from 4chan claim to have discovered an exposed database hosted on Google’s mobile app development platform, Firebase, belonging to the newly popular women’s dating safety app Tea. Users say they are rifling through peoples’ personal data and selfies uploaded to the app, and then posting that data online, according to screenshots, 4chan posts, and code reviewed by 404 Media.

(page 3) 50 comments
sorted by: hot top controversial new old
[–] ChickenAndRice@sh.itjust.works 41 points 1 day ago

[–] SaltySalamander@fedia.io 42 points 1 day ago (7 children)

No sympathy from me whatsoever. The app was designed to allow these women to anonymously post personal information about other people. Fuck 'em. Turnabout is fair play. As my kindergarten teacher used to say, "you get what you get and you don't pitch a fit".

[–] wizbiz@lemmy.blahaj.zone 1 points 16 hours ago

How dare they warn other women about rapists.

load more comments (6 replies)
[–] sp3ctr4l@lemmy.dbzer0.com 98 points 1 day ago* (last edited 1 day ago) (11 children)

Wow that was fast.

I did not even know this app existed untill about 8 hours ago.

Already comprimised.

EDIT: Also, lol, this arguably is not even largely a hack.

These idiots just had everything stored in a fucking publically accesible firebase bucket... amazing.

They didn't delete anything they claimed to.

Either way you look at it, anywhere on the spectrum from:

A ] A bunch of women reasonably concerned for their safety

B ] A bunch of gossip mongers

... well, they've now all been doxxed, ironic from each angle.

What a fucking disaster.

load more comments (11 replies)
[–] sunglocto@lemmy.dbzer0.com 202 points 1 day ago (9 children)

This is what happens when you decide to vibecode a service with zero attention to safety or web development. This is why you don't immediately jump onto a new service without it being vetted properly. Now one of the worst communities on the Internet is in possession of over a hundred thousand women's driving licenses and faces. This is going to be an absolute disaster.

[–] Darrell_Winfield@lemmy.world 149 points 1 day ago (3 children)

This is ALSO why no service should ever require or get my driver's license information. Fuck that. Also, yet another Constance to those who can't afford a car or want to improve the environment by living car free.

[–] shiroininja@lemmy.world 27 points 1 day ago (1 children)

My only exception to that are uber drivers. But then again we live in an age where somehow better help has become popular, even though they sell your data.

load more comments (1 replies)
load more comments (2 replies)
[–] 4am@lemmy.zip 59 points 1 day ago (2 children)

Now now, I like to shit on vibecoders too but let’s not pretend this is some new problem.

Idiots leave databases on cloud servers exposed all the time rather than deal with their companies often arcane rules for generating certificates

[–] Passerby6497@lemmy.world 3 points 19 hours ago (1 children)

Where do you think the AI learned it?

Like, I get that competent coders do it too, but now any skiddie with an idea can cosplay as a developer so this is going to be so much more prevelant

[–] Maeve@kbin.earth 1 points 14 hours ago

That's not new, either.

load more comments (1 replies)
[–] panda_abyss@lemmy.ca 23 points 1 day ago

To be fair, I’m not sure why firebase even has a public access option. That’s a recipe for issues.

Though if it’s anything like Google Cloud Store, they hopefully make it very clear that your bucket is public.

[–] Eheran@lemmy.world 20 points 1 day ago (10 children)

How is something "vetted properly" and how do I find out about that?

[–] thymos@discuss.tchncs.de 6 points 21 hours ago

This is something I worry about all the time as well, especially since I've started to learn how to code and experienced how easy it is to mess up and send a list with all registered users to everyone opening a page. (This was in a test environment.)

As a user, there is no proper way I know of to verify an app's security. Most apps are closed source, but even if you could view the code, what would you look for?

Both Apple and Google have a verification process for apps that are published in their app stores, but if these worked, we wouldn't see this happening.

There are academic researchers working on apps and privacy as well, but it's not like you can ask them for a report on an app you're thinking of installing.

I think it basically comes down to trust. Check if a developer has messed up in the past and how they dealt with that, that sort of stuff. And for dating apps there is this interesting article: https://www.privacyguides.org/articles/2025/06/24/queer-dating-apps-beware-who-you-trust/#reducing-the-risks-when-using-dating-apps

It's a long read (haven't fully read it myself yet) and it paints a bleak picture, but that's the world we live in today.

[–] Hupf@feddit.org 21 points 1 day ago

You wait a while until something like this happens.

load more comments (8 replies)
load more comments (5 replies)
[–] Wispy2891@lemmy.world 47 points 1 day ago

Protecting our users' privacy and data is our highest priority. We are taking every necessary step to ensure the security of our platform

Since sensitive data was put on a public bucket, maybe they meant it was their lowest priority?

[–] LibertyLizard@slrpnk.net 105 points 1 day ago (1 children)

I would not under any circumstances give my drivers license to a for profit app. I don’t even like to give my email.

[–] lady_maria@lemmy.world 38 points 1 day ago (4 children)

apparently there's some law in the UK that mandates it now 🙄

[–] kalpol@lemmy.ca 4 points 20 hours ago

Also California

[–] 4am@lemmy.zip 32 points 1 day ago (3 children)

Well UK, have the day you voted for I guess

[–] HereIAm@lemmy.world 17 points 1 day ago (1 children)

Unfortunately this is the better of the two main parties. This isn't republicans winning because dems didn't vote. Labour won, and this still went through. The UK government as a whole has been on an anti porn brigade for decades. I can't wait for the day labour and the Tories just die off.

load more comments (1 replies)
[–] tabular@lemmy.world 14 points 1 day ago (1 children)

I'd like to blame the voting system for the lack of meaningful voting options.

[–] echodot@feddit.uk 1 points 19 hours ago

Ed Davey, I can't imagine Bad Enoch doing anything and Labour were the ones to implement this.

load more comments (1 replies)
[–] Blackmist@feddit.uk 12 points 1 day ago (1 children)

Thank fuck for VPNs, although it now wants to show me hot milfs in Brussels.

load more comments (1 replies)
load more comments (1 replies)
[–] ToiletFlushShowerScream@lemmy.world 76 points 1 day ago

Not sure if this is ironic that the users are now less safe after using the safety app. But I still feel bad for the users. Dating is hard enough without the fear of being harmed.

[–] bytesonbike@discuss.online 49 points 1 day ago (9 children)

My friend came over and told me a story about this crazy date she was on. The guy love bombs her, sets her up with a massage, then in the morning, goes out and eats McDonalds alone and ghosts her. Then repeats every few weeks with love bombs.

I shared that with my discord group and someone said they know that guy too.

Im assuming that's what Tea is for.

[–] Aqarius@lemmy.world 3 points 21 hours ago

...eats McDonalds alone and ghosts her. Then repeats every few weeks with love bombs

Something something "cheat day"

load more comments (8 replies)
[–] zkfcfbzr@lemmy.world 27 points 1 day ago (3 children)

I thought 4chan shut down permanently like 2 months ago?

[–] SnotFlickerman@lemmy.blahaj.zone 47 points 1 day ago

Cancer can return after going into remission for a while.

[–] 4am@lemmy.zip 18 points 1 day ago

Nah they came back online after like 2 weeks I think?

load more comments (1 replies)
load more comments
view more: ‹ prev next ›