The Tea app, designed for women to share safety experiences, faced a severe data breach resulting in over 72,000 private images—including selfies and government IDs—being leaked online. The app had gained popularity with more than 4 million users by promoting a women-only platform for discussing men. However, its backend database was completely unsecured, lacking encryption or password protection, allowing hackers to access sensitive information rapidly. The exposed data weighed 59.3 GB and included numerous verification selfies and private messages from recent years, contradicting the app’s claims about only leaking 'old data'. The breach was attributed to inadequate security measures and a phenomenon dubbed 'vibe coding', where developers rely heavily on AI-generated code, which often lacks robustness against attacks. While Tea had requested personal data for user verification, now this information is publicly accessible, prompting users to consider credit monitoring to mitigate potential risks.

Source 🔗