Tea, a women-only dating app designed to enhance safety, suffered a significant data breach exposing over 72,000 private images, including selfies and government IDs. This breach resulted from hackers discovering the app’s unsecured backend database, which lacked basic safety measures like authentication or encryption. The exposed data amounted to 59.3 GB, containing verification selfies, government-issued IDs, and private direct messages. This incident contradicted claims that the data involved was old, as recent dating information was also uncovered. Critics of the app noted its focus on 'vibe coding'—a trend where developers leverage AI tools without thorough security checks. The hacker behind the discovery remarked on the lax coding practices, emphasizing the dangers of over-reliance on generative AI. Users of the app are now scrambling to mitigate the risks, as some personal data has already been mapped and made searchable online. This incident serves as a serious warning regarding personal data security practices in tech applications, especially those involving sensitive user information.

Source 🔗