this post was submitted on 31 Jul 2025
436 points (99.3% liked)

Technology

73546 readers
3527 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related news or articles.
  3. Be excellent to each other!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
  9. Check for duplicates before posting, duplicates may be removed
  10. Accounts 7 days and younger will have their posts automatically removed.

Approved Bots

founded 2 years ago
MODERATORS
L3s@lemmy.world
enu@lemmy.world
technopagan@lemmy.world
L4s@lemmy.world
L3s@hackingne.ws
L4s@hackingne.ws
436
Tea App A Second Tea Breach Reveals Users’ DMs About Abortions and Cheating (www.404media.co)
submitted 2 days ago* (last edited 2 days ago) by themachinestops@lemmy.dbzer0.com to c/technology@lemmy.world
111 comments fedilink hide all child comments
 

https://www.bleepingcomputer.com/news/security/tea-app-leak-worsens-with-second-database-exposing-user-chats/

https://redlib.orangenet.cc/r/AskWomen/comments/1m9ydcn/what_iswas_the_tea_app_actually_like/

you are viewing a single comment's thread
view the rest of the comments
[–] andyburke@fedia.io 81 points 2 days ago (2 children)

In any other engineering discipline this would he negligence.

[–] FauxLiving@lemmy.world 38 points 2 days ago* (last edited 2 days ago)

It is negligence, but information workers have very little regulation when it comes to handling personal data (outside of specific fields, like healthcare and finance).

I say this as an information worker who handles a lot of personal data. Worst case scenario, I get fired and can't use them as a reference. Unless I'm intentionally stealing data and using it for crimes there's no risk of criminal penalties.

We needed privacy laws 20 years ago but the tech bros assured everyone that it would be fine and for a long time they were mostly responsible with our data. But now we're well into the enshittification of the Internet and the lack of regulation is allowing these kinds of harms to become common.

Though, in a sane regulatory framework Tea wouldn't be allowed to exist in the first place. The entire point of the site is to doxx people and share personal details about them without their consent.

[–] Taldan@lemmy.world 9 points 2 days ago (1 children)

At least some of the negligence is on Google, for the atrocious default security settings in Firebase

The vulnerability is called hospital gown because they leave the back end wide open by design. It's not even a traditional vulnerability, since it's technically working as intended

[–] echodot@feddit.uk 8 points 1 day ago

In fairness if you leave Firebase in its default settings it won't shut up about it.

You get warnings on the website, and constant emails telling you that you're being a pillocked.