The Tea App, a renowned platform designed to enhance dating and safety for women, recently suffered a significant data breach due to a laughably inadequate storage method.
The leak exposed the personal data of over 10,000 users, bringing their verification documents to light online. Originally, the Tea App aimed to make dating safer for women by allowing them to share anonymous experiences and identify potential red flags in their dating circles. Despite its popularity, the app’s data handling practices were questionable, leading to a significant data breach that was exposed on a 4chan thread.
Alarmingly, this breach involved the exposure of verification documents from many users. The developers apparently used Google’s Firebase for backend storage, but the startling part is that the data buckets were set to public. This meant anyone could access the data without authentication, resulting in unauthorized data appearing across social media platforms like X and Reddit.
Reports indicate more than 72,000 images, including 13,000 verification documents, were leaked. While the public has humorously labeled the app’s storage mechanism as “vibe-coded,” the lack of proper security measures was far from professional, especially for an app handling such sensitive information.
We advise users to verify the reliability of any platform before sharing personal information. For those affected by this breach, our sympathies are with you.
