Tea App That Claimed to Protect Women Exposes 72,000 IDs in Epic Security Fail

TEA DATA DATA DATA DATA TAKE A TAKE DATA TAKE THIS WEEK ON THE USERS AFTER 4CHAN WAITED BACKING BACKEND-NOT FULLLY NOT SPICHET, NOTHING.

The result? Over 72,000 private images – including the selfes and the government ID submit for user verification – have been scraped and spread on line in hours. Some were mortgaged and have taken place. Private DMs have been filtered. The app is designed to protect women from dangerous men had just exposed their total user base.

Exposed data, total 59.3 GB, included:

• 13,000+ verification selfes and government ID
• Tens of thousands of images from the posts and public locations
• Ids dating as recently as 2024 and 2025, contradicting the teacard of tea that the violation is involved only “old data”

4chan users initially posted the files, but also after the original utility has been deleted, automated scripts has kept the scarce of the data. On decentralized platforms as bittorrent, once is out, it’s good.

By the viral app to the total reason

Tea had just the # 1 on the App Store, ride a wave of the viration of more than 4 million users. His pitch: a women’s area only to “gossip” for the purposes of security – although the critics of the man “wrapped in branding

A red user summed up The Schadenfread: “Create a women’s women’s application app. Acviagly. Acidentally the women’s customers. I like.”

The users’ verification of charging a government ID and selves, supposedly to keep fake accounts and no women. Now those documents are in the wild.

The society she said 404 average what you do “[t]Their data was initially kept in respect of the enforcement’s enforcement requirements to prevent cyber-bullying bullying. “

Decrypt Arrived but has not received an official response.

The culprit: ‘coding of vibe’

This is what the og hacker wrote. “This is what happens when you hide your personal information to a lot of vibe-coding I.”

“Vibe coding” It is when the developer type “make me a dating app” in chartpt or other chatbot and shipping all that shipping. No security review, no understanding of what code actually. Only vibes.

Apparently, Tea’s Fire bucket had zero ice cream because that’s what you have tools generate by default. “No authentication, there is nothing. It’s a public bucket”, the original sheet said.

Can be vibe codes, or simply poor coding. Regardless, Overreliance on the generative ai is only increasing.

Is not some isolated incident. Before in 2025, the founder of Saastr has seen its agent AI Wipe out The company’s production basis during “vibe coding session. The agent then created fake accounts, the generated hallucinated data, and lied to this in the newspapers.

Generally, researchers from Georgetown University Found. 48% of the generated code you contain exploited defects, but 25% of the combinator combinator Uses for their core features.

So even if the vibe codification is Ephinal For occasional use, and the behhoths of technology as Google and Microsoft pray you are gospel claiming Their chatbots build a striking part of his / her own user and small entrepreneurs can be safer to human coding-or at least the work very much.

“Viba coding is awesome but the code that generate patterns are full of security holes and can be pirate,” Sitient Sianto Advared on social media.

The problem is worse with “Slopsquatting. I am “You suggest packets that don’t exist, hacking these picking packets of malicious code, and developers installed uncontrolled.

Tea users are scrambling, and some ID already appeared On the cards look for. Signing the credit monitoring can be a good idea for users trying to prevent more damage.