Tea App That Claimed to Protect Women Exposes 72,000 IDs in Epic Security Fail
Main Idea
The women-only dating safety app Tea suffered a massive data breach due to unsecured backend databases, exposing over 72,000 private images and DMs, attributed to poor development practices including 'vibe coding' with AI tools.
Key Points
1. Tea's unsecured backend database led to a leak of 59.3 GB of data, including 13,000+ verification selfies and government IDs, as well as tens of thousands of images from messages and posts.
2. The app, which had recently gone viral with over 4 million users, required government ID and selfie uploads for verification, claiming compliance with law enforcement for cyber-bullying investigations.
3. The breach was caused by 'vibe coding,' where developers used AI tools like ChatGPT to generate code without proper authentication, leaving the Firebase bucket publicly accessible.
4. Researchers found that 48% of AI-generated code contains exploitable flaws, yet 25% of Y Combinator startups use AI for their backend development, raising concerns about security risks.
5. The incident highlights broader issues with AI-generated code security, including 'slopsquatting,' where hackers exploit non-existent packages suggested by AI, leading to vulnerabilities.
Description
Tea required users to upload an ID and selfie, supposedly to keep out fake accounts and non-women. Now those documents are in the wild.
Latest News
- Tea App That Claimed to Protect Women Exposes 72,000 IDs in Epic Security Fail2025-07-25 22:42:01
- DOJ Is Considering Charging Crypto VC Firm Dragonfly in Connection With Tornado Cash2025-07-25 21:45:19
- XRP Erases Gains Following New Record—Does It Still Have Room to Run?2025-07-25 21:42:01
- One of the Biggest Bitcoin Whales in History Just Cashed Out $9 Billion2025-07-25 21:10:40
- Public Keys: Strategy Stretches Bitcoin Raise and BlackRock’s Ethereum ETF Hits Warp Speed2025-07-25 20:15:45