The Tea app, designed for women to discuss dating safety, suffered a significant security breach, leading to the exposure of over 72,000 personal identities, including selfies and government IDs. The app, which boasted over 4 million users, was found to have an unsecured backend database without any password protection or encryption. This lapse allowed private images and direct messages to be publicly accessible, with some data even mapped and searchable online. Users were required to submit their IDs and selfies for verification, which has now become a risk, contradicting the platform's mission to safeguard women. This incident highlights the dangers of 'vibe coding,' a method where developers hastily produce applications without thorough security checks, relying instead on AI tools. The original leaker pointed out that the Firebase bucket utilized by Tea had no authentication due to defaults set by AI tools. As a result, users are left vulnerable, with advice to consider credit monitoring to mitigate potential fallout from this breach.

Source šŸ”—