this post was submitted on 25 Jul 2025
605 points (97.9% liked)

Technology

73534 readers
2429 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related news or articles.
  3. Be excellent to each other!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
  9. Check for duplicates before posting, duplicates may be removed
  10. Accounts 7 days and younger will have their posts automatically removed.

Approved Bots

founded 2 years ago
MODERATORS
L3s@lemmy.world
enu@lemmy.world
technopagan@lemmy.world
L4s@lemmy.world
L3s@hackingne.ws
L4s@hackingne.ws
605
Women Dating Safety App 'Tea' Breached, Users' IDs Posted to 4chan (www.404media.co)
submitted 1 week ago by bytesonbike@discuss.online to c/technology@lemmy.world
250 comments fedilink hide all child comments
 

Users from 4chan claim to have discovered an exposed database hosted on Google’s mobile app development platform, Firebase, belonging to the newly popular women’s dating safety app Tea. Users say they are rifling through peoples’ personal data and selfies uploaded to the app, and then posting that data online, according to screenshots, 4chan posts, and code reviewed by 404 Media.

(page 2) 50 comments
sorted by: hot top controversial new old
[–] Clbull@lemmy.world 1 points 6 days ago* (last edited 6 days ago) (1 children)

Tea is the offshoot of all those "Are We Dating The Same Guy" Facebook groups where ladies gossip, talk shit, slander and creep-shame guys they went on dates with, sometimes throwing around false accusations maliciously to get men ostracized.

On one hand, damn these groups are toxic as fuck and that makes me feel a lot less sympathetic. But on the other hand, this is a textbook argument for why mandatory age verification laws need to be abolished. AWDTSG works as a way to keep women safe when it's used as intended but there are too many women that will slander men with false allegations purely out of spite.

[–] forrgott@lemmy.sdf.org -3 points 6 days ago (3 children)

Right, because only women are the problem, and men are paragons of virtue.

Fuck off

[–] Clbull@lemmy.world 0 points 5 days ago

Did I state that? No?

You can fuck off.

load more comments (2 replies)
[–] sunglocto@lemmy.dbzer0.com 209 points 1 week ago (23 children)

This is what happens when you decide to vibecode a service with zero attention to safety or web development. This is why you don't immediately jump onto a new service without it being vetted properly. Now one of the worst communities on the Internet is in possession of over a hundred thousand women's driving licenses and faces. This is going to be an absolute disaster.

[–] Darrell_Winfield@lemmy.world 155 points 1 week ago (4 children)

This is ALSO why no service should ever require or get my driver's license information. Fuck that. Also, yet another Constance to those who can't afford a car or want to improve the environment by living car free.

load more comments (4 replies)
[–] 4am@lemmy.zip 67 points 1 week ago (3 children)

Now now, I like to shit on vibecoders too but let’s not pretend this is some new problem.

Idiots leave databases on cloud servers exposed all the time rather than deal with their companies often arcane rules for generating certificates

load more comments (3 replies)
load more comments (21 replies)
[–] gnu@lemmy.zip 155 points 1 week ago (6 children)

People sign up to app intended to share personal information about others without their permission, end up having their own personal information shared without permission - the irony is impressive.

[–] surewhynotlem@lemmy.world 103 points 1 week ago (1 children)

At first I was going to call bullshit because I thought you were exaggerating and being ridiculous.

Nope. That's the app. "Anonymous" sharing of pictures and info of other people. Presumably without their permission. That's fucked up.

[–] blarghly@lemmy.world 47 points 1 week ago (24 children)

Yeah. I mean, I get it. The concept of the app makes sense. And I would be that, on average, it is/would be used for good.

On the other hand, as a guy, the idea that people are out there sharing reviews of me as a person on the open internet, and I have no way of knowing this, is deeply unsettling. Like, I haven't done anything wrong - just the whole concept feels very gross.

load more comments (24 replies)
load more comments (5 replies)
[–] LibertyLizard@slrpnk.net 111 points 1 week ago (11 children)

I would not under any circumstances give my drivers license to a for profit app. I don’t even like to give my email.

load more comments (11 replies)
[–] sp3ctr4l@lemmy.dbzer0.com 104 points 1 week ago* (last edited 1 week ago) (16 children)

Wow that was fast.

I did not even know this app existed untill about 8 hours ago.

Already comprimised.

EDIT: Also, lol, this arguably is not even largely a hack.

These idiots just had everything stored in a fucking publically accesible firebase bucket... amazing.

They didn't delete anything they claimed to.

Either way you look at it, anywhere on the spectrum from:

A ] A bunch of women reasonably concerned for their safety

B ] A bunch of gossip mongers

... well, they've now all been doxxed, ironic from each angle.

What a fucking disaster.

load more comments (16 replies)
[–] JackbyDev@programming.dev 95 points 1 week ago (4 children)

I can't open the article, but I think I read that this was hosted on an unprotected bucket. Assuming that's correct I wouldn't say this was a breach. A better headline would be "Women dating safety app 'Tea' exposed women's PII".

To be 100% clear, I'm not excusing the hackers. I don't believe it's morally correct to publicize something because it is exposed. For folks curious about that you can look into how to ethically disclose vulnerabilities. I still view this as doxxing. I still believe what the hackers did should be a criminal offense, it's just that I also believe the app holds a ton of the blame as well. How can you proclaim to be about keeping women safe while putting them at risk? That should be punished as well.

Like if the storage facility you trusted to hold your stuff never had locks on the doors, shouldn't they take a lot of the blame as well as the thief who found out a door was unlocked?

[–] Clbull@lemmy.world 1 points 6 days ago (1 children)

They also said they deleted IDs once users were verified. The breach proved that to be an outright lie.

load more comments (1 replies)
[–] hopesdead@startrek.website 43 points 1 week ago (10 children)

The bigger problem is trying to get the mainstream that would read an article like that to understand the technical difference between hacking and accessing unsecured data.

load more comments (10 replies)
load more comments (2 replies)
[–] ToiletFlushShowerScream@lemmy.world 79 points 1 week ago

Not sure if this is ironic that the users are now less safe after using the safety app. But I still feel bad for the users. Dating is hard enough without the fear of being harmed.

[–] Longmactoppedup@aussie.zone 78 points 1 week ago (7 children)

Maybe I'm just getting old, but the idea of "verifying" my real identity to a faceless website or mobile app is abhorrent.

I guess it doesn't help that governments in some countries (UK, Australia that I know of) are encouraging this bullshit with Trojan horse laws claiming to protect children from adult websites / social media.

Can't help but think there is also an element of pot meet kettle here, when users of an app designed to dox and slander people without their knowledge are now the ones getting doxxed themselves.

load more comments (7 replies)
[–] dandelion@lemmy.blahaj.zone 75 points 1 week ago* (last edited 1 week ago) (49 children)

The replies in this thread are disturbing, giving me a sense that Lemmy has a misogyny problem; maybe I was naïve, but I expected outrage about 4chan doxxing women trying to protect one another, instead I see lots of revenge enjoyment as if being doxxed on 4chan is justice for ... warning one another about dangerous men they encounter when dating?

The inability to empathize and take seriously the threats posed to women or to understand their motivation to protect one another is alarming.

There is no good faith extended, but also no evidence presented that instead of safety the app was just for gossip, it's just taken as assumed that women are wrong for using Tea and they all deserve to be doxxed.

[–] DrSteveBrule@mander.xyz 50 points 1 week ago (6 children)

I'm all for groups of safe spaces for women. Especially when it's designed to keep them safe while dating. I have my doubts that Tea was that. Even if it was advertised as such, "tea" is slang for the word gossip. I've heard stories from several sources that it was used to dox people as well. Not saying what happened to the users is right. I think some users here are just feeling smug that this might cause the app to fail or shut down.

load more comments (6 replies)
[–] zarkanian@sh.itjust.works 43 points 1 week ago (1 children)

It isn't the women who are wrong; it's the app developer and 4chan. But setting aside the data breach, creating a Yelp for dating is a ticking time bomb. They were going to get sued out the ass, data breach or no data breach. I don't know how many times this needs to happen, but I guess web developers have the memory of goldfish. There have been several attempts at something similar that got shut down for the obvious reasons. Making a website that rates human beings is always going to be a legal minefield.

[–] WorldsDumbestMan@lemmy.today 0 points 6 days ago (4 children)

Don't trust dating apps ever. Literally better off dating someone you meet at a park.

Less chance an algorithm set you up to fail.

load more comments (4 replies)
load more comments (47 replies)
[–] Wispy2891@lemmy.world 50 points 1 week ago

Protecting our users' privacy and data is our highest priority. We are taking every necessary step to ensure the security of our platform

Since sensitive data was put on a public bucket, maybe they meant it was their lowest priority?

[–] bytesonbike@discuss.online 49 points 1 week ago (9 children)

My friend came over and told me a story about this crazy date she was on. The guy love bombs her, sets her up with a massage, then in the morning, goes out and eats McDonalds alone and ghosts her. Then repeats every few weeks with love bombs.

I shared that with my discord group and someone said they know that guy too.

Im assuming that's what Tea is for.

load more comments (9 replies)
[–] SaltySalamander@fedia.io 48 points 1 week ago (7 children)

No sympathy from me whatsoever. The app was designed to allow these women to anonymously post personal information about other people. Fuck 'em. Turnabout is fair play. As my kindergarten teacher used to say, "you get what you get and you don't pitch a fit".

load more comments (7 replies)
[–] ChickenAndRice@sh.itjust.works 43 points 1 week ago

[–] BackgrndNoize@lemmy.world 42 points 1 week ago (4 children)

This is why there should be a nationwide rule that PII data should be deleted after the users identity has been verified

[–] phutatorius@lemmy.zip 1 points 6 days ago

A better rule is that PII data should never be used as a basis for auth/auth except by government agencies in the process of delivering legally mandated government services.

load more comments (3 replies)
load more comments
view more: ‹ prev next ›