this post was submitted on 25 Jul 2025
643 points (98.1% liked)

Technology

81286 readers
3966 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related news or articles.
  3. Be excellent to each other!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
  9. Check for duplicates before posting, duplicates may be removed
  10. Accounts 7 days and younger will have their posts automatically removed.

Approved Bots

founded 2 years ago
MODERATORS
L3s@lemmy.world
enu@lemmy.world
technopagan@lemmy.world
L4s@lemmy.world
L3s@hackingne.ws
643
Women Dating Safety App 'Tea' Breached, Users' IDs Posted to 4chan (www.404media.co)
submitted 6 months ago by bytesonbike@discuss.online to c/technology@lemmy.world
252 comments fedilink hide all child comments
 

Users from 4chan claim to have discovered an exposed database hosted on Google’s mobile app development platform, Firebase, belonging to the newly popular women’s dating safety app Tea. Users say they are rifling through peoples’ personal data and selfies uploaded to the app, and then posting that data online, according to screenshots, 4chan posts, and code reviewed by 404 Media.

you are viewing a single comment's thread
view the rest of the comments
[–] hopesdead@startrek.website 44 points 6 months ago (10 children)

The bigger problem is trying to get the mainstream that would read an article like that to understand the technical difference between hacking and accessing unsecured data.

[–] JackbyDev@programming.dev 26 points 6 months ago (6 children)

One of the definitions of hacking is illegally gaining access to a computer system. It doesn't need to involve any sort of exploit. Stealing from an unlocked home is still stealing. Gaining access to a system by phishing is still hacking. Leaking data that is technically publicly accessible that isn't meant to be publicly accessible is still hacking.

Not that I suspect anything good from 4chan but the proper thing to do would be to disclose to Tea that their data is public and allow them to fix the problem. The ethics of vulnerability disclosure still apply when the vulnerability is "hey you literally didn't secure this at all."

[–] cows_are_underrated@feddit.org 3 points 6 months ago (1 children)

illegally gaining access to a computer system

This is also The legal Definition applied in Germany (with the only difference being, that in Germany it is "gaining access to a system not meant to be accessed). The problem with this is, that everyone who finds security breaches is at threat to be punished for it, even if they ethically disclose it. There have been various cases of ethical hackers receiving fines for disclosing security vulnerabilities.

[–] JackbyDev@programming.dev 3 points 6 months ago

Same in America. Someone who found a government website had SSNs just sitting in the HTML was almost prosecuted for viewing the raw HTML after ethically disclosing it.

load more comments (4 replies)
load more comments (7 replies)