Tea App Breach

“Here’s why developers are not getting replaced by AI any time soon”, an app called “Tea” which is a women only app to “tell other women about local men in the dating scene” (terrible, dangerous and possibly illegal idea) was breached. I think breached is a strong word though, because the almost certainly vibe coded slop app turned out that they were storing user passports, drivers licenses and photos in a publicly accessible firebase bucket. The devs are lucky they only released the app in the US, because if that ever made it to the EU the company would be sued out of existence and the devs would be bankrupted with fines
For anyone considering (or who already is) working on an app or website that stores any user information, firstly don’t make toxic hellhole platforms because we already have Twitter and that’s more than enough but, please for the love of god take security seriously.
It’s also interesting how the media is still calling this just a hack where apparently just downloading something someone incompetent put out publicly for anyone to get is hacking nowadays.
Zero trust, least privilege access for everything, isolate what you can and encrypt everything. Also don’t 100% vibe code slop. If you use AI, read what’s being generated.

If you enjoy strategy, building and war games then you might enjoy this amazing game which is called Terracore.