Forwarded from CyberPeople
Wild: vibe-coded Tea App that positioned itself as the "safest" app for women just leaked 59.3 GB of selfies, IDs, and private DMs 😳
The Tea App was designed to protect women.
Instead, it just exposed 72,000 images - selfies, driver's licenses, location data.
Because someone forgot to secure the storage bucket.
Literally: no password, no encryption, no nothing 🤯
The crazy part?
This wasn't some elite hacker attack.
It was basic negligence - amateur AI-generated code deployed at scale without security reviews.
Prompt: “Build a dating app with selfie verification.”
Output: Firebase bucket wide open to the internet 🫠
Tea marketed itself as a “whisper network” to warn women about dangerous men.
→ Now that data is circulating on 4chan and Reddit.
→ Complete with searchable maps.
→ Doxxing. Harassment. Identity theft.
→ All from an app that promised protection.
What went wrong? Everything:
↳ AI-built code with no guardrails
↳ Misconfigured Firebase (again)
↳ Mandatory ID uploads never deleted
↳ Viral growth with zero time for audits
↳ And a growing trend of devs shipping based on "vibes," not security
Let’s be clear: this isn’t just a data breach. It’s betrayal.
Women uploaded their most sensitive information to feel safer.
Instead, they were exposed.
Because the developers cut corners - possibly with AI, definitely without care.
The Tea App was designed to protect women.
Instead, it just exposed 72,000 images - selfies, driver's licenses, location data.
Because someone forgot to secure the storage bucket.
Literally: no password, no encryption, no nothing 🤯
The crazy part?
This wasn't some elite hacker attack.
It was basic negligence - amateur AI-generated code deployed at scale without security reviews.
Prompt: “Build a dating app with selfie verification.”
Output: Firebase bucket wide open to the internet 🫠
Tea marketed itself as a “whisper network” to warn women about dangerous men.
→ Now that data is circulating on 4chan and Reddit.
→ Complete with searchable maps.
→ Doxxing. Harassment. Identity theft.
→ All from an app that promised protection.
What went wrong? Everything:
↳ AI-built code with no guardrails
↳ Misconfigured Firebase (again)
↳ Mandatory ID uploads never deleted
↳ Viral growth with zero time for audits
↳ And a growing trend of devs shipping based on "vibes," not security
Let’s be clear: this isn’t just a data breach. It’s betrayal.
Women uploaded their most sensitive information to feel safer.
Instead, they were exposed.
Because the developers cut corners - possibly with AI, definitely without care.
❤7😁1
Forwarded from Clash Report
This media is not supported in your browser
VIEW IN TELEGRAM
Trump on Epstein:
I never went to his island. I never had the privilege of going to his island. I turned it down.
I never went to his island. I never had the privilege of going to his island. I turned it down.
🔥7