• traches@sh.itjust.works
    113 up · 7 days ago

    Damn, if they had PII in a public bucket like that it’s criminally negligent. Well, at least it should be, but I’m no lawyer.

        • zwerg@feddit.org
          32 up · 7 days ago

          Indeed, and the kicker is that 4% is on turnover, not profit. That can really hurt.

          • Echo Dot@feddit.uk
            10 up · 6 days ago

            Yeah, it has to be that way, otherwise all these venture capital funded businesses that never actually make a profit could just do whatever they want, and considering that’s basically every startup, it would essentially neuter the law.

    • skisnow@lemmy.ca
      56 up, 6 down · 6 days ago

      Yeah, there was absolutely no need to include unfounded racist shit about “DEI hires”, but it seems to be some sort of rule on 4chan that you have to be a bigoted fucknut in order to post.

  • orclev@lemmy.world
    96 up · edited 7 days ago

    Uh… What’s the tea app?

    Edit: from what I can gather based on the last link attached to this post, it seems to be some kind of app for women to talk about men they’ve dated. Why that needs driver’s license uploads is a whole other question and definitely should have raised some massive red flags for anyone thinking about using it.

    • Melvin_Ferd@lemmy.world
      57 up, 5 down · edited 6 days ago

      “talk”

      They try to get a pass on this by saying it’s about “safety” and reporting creeps. But it’s filled with women posting dudes and gossip. It gives me the same vibes as those sites back in the day that were shut down because they were essentially revenge porn sites. Same shit, different form.

      • valtia@lemmy.world
        8 up, 35 down · 6 days ago

        Yes, trying to warn other women about a man you dated who abused you or gave off weird vibes is definitely the same as getting your nudes or a porn video of yourself leaked against your will onto the public internet for everyone to see.

        • Melvin_Ferd@lemmy.world
          29 up, 4 down · edited 6 days ago

          Yeah, ’cause that’s what these sites totally were doing.

          Everyone knows what these places were. 4chan are fucking scumbags, but so are the people using these gossip sites. They’re both cut from the same cloth.

    • valtia@lemmy.world
      10 up, 2 down · edited 6 days ago

      The app required ID uploads, ostensibly to verify that you were a woman signing up; men were not allowed to join, for obvious reasons.

      • communism@lemmy.ml
        9 up · 6 days ago

        Aside from the fact that it was stored in a public database, there’s no need to store photos of the IDs at all. The account can just be marked as verified and move on.

        Also I doubt that measure would keep a man out if he really wanted to join…

    • Armand1@lemmy.world
      24 up, 14 down · 6 days ago

      The driver’s license thing is likely due to a law passed by the UK a few days ago that requires all mature content to be behind an age check. And not an “Are you 18: Yes / No”, more like “we will check using ID and photos of you”.

      It’s the most hated piece of legislation in a while, with already 100 000 petition votes in 3 days to repeal it.

      • rmuk@feddit.uk
        41 up, 1 down · 6 days ago

        None of the driver’s licenses shown in the screenshot are UK style.

        • Armand1@lemmy.world
          6 up, 1 down · 6 days ago

          No idea why they were collecting identification then.

          Even worse, since the hackers got a bunch of the data at once, the company must have held onto those pictures long after they registered people to their service, which they likely didn’t need to do.

      • Echo Dot@feddit.uk
        19 up · edited 6 days ago

        Oh yes, the famous state of Colorado, UK.

        UK driving licences do not look like that: they don’t have US states on them (major clue), they are green, and if the person in the photo actually looks like a living human and not a corpse, it gets sent back as unacceptable.

  • refract@lemmy.dbzer0.com
    18 up, 2 down · 6 days ago

    I understand the reasoning for the public intent of the app and would generally support it within reason, ’cause society right now, amirite… but its not-so-subtle real world application has now leaked a DB of catty women, the majority of whom ALSO show massive red flags. This isn’t a sexist men vs women critique; if there was an app for men to rate women and dox them I’d feel the same way. Love it when shitty people bamboozle themselves.

    • ipkpjersi@lemmy.ml
      12 up · edited 5 days ago

      I mean, it’s even in the app name that it’s not about protecting women and keeping them safe, it’s literally about “spilling the tea”, aka gossip. It’s pretty gross and can be used for nonconsensual sharing of images and even slander too, since there’s no way to know if what someone is writing on there about someone is true or not.

  • CriticalMiss@lemmy.world
    9 up · 5 days ago

    A public S3 bucket? Whoever used the app should start a class action lawsuit; this is beyond misconduct.

    • Hobo@lemmy.world
      6 up · 5 days ago

      Imagine the other gaping security holes in this thing if storing all the data in a public S3 bucket flew under the radar until after release.

  • HexesofVexes@lemmy.world
    19 up, 1 down · 6 days ago

    I can’t wait till I read a similar article about porn sites, especially one where the doxxed individuals are politicians.

    • Invertedouroboros@lemmy.world
      5 up · 5 days ago

      I mean, we kinda already ended up there with the Ashley Madison hack in 2015. Problems with that site aside, I feel like it’s kinda the blueprint for everything wrong with companies that retain personally identifiable info on folks. If a company collects details like your driver’s license, it’s not a question of if it gets out but when. There’s just no way to collect that sort of data and truly keep it safe.

      But it seems like we’ve kinda forgotten how to learn lessons in the modern day, so I’m sure this was an isolated issue and we’ll never see its like again.

      (/s on that last part, just in case that wasn’t blindingly obvious.)

  • Vinstaal0@feddit.nl
    16 up, 5 down · edited 5 days ago

    Friendly reminder that some services do need your ID, otherwise they cannot help you, or at least they need to verify you (accountants, notaries, etc.).

    edit: I can’t do your tax report if (1) I don’t identify you and (2) I don’t have the social security for which I need to do the report.

  • Avicenna@lemmy.world
    6 up, 17 down · 6 days ago

    Horrible practices by this app, yes, but I still can’t help but feel anon seems to think he is a hacker for writing a Python script to scrape a public database. Also, scold app devs for not dealing with sensitive information carefully, then release it on the most vile online platform possible so you can boast about your average Python scripting skills?

      • Avicenna@lemmy.world
        3 up, 5 down · 6 days ago

        Not to me. Yes the app sucks, yes the use case of the app also sucks, yes the devs are either super green or even mostly AI (these have been discussed extensively and I agree with all).

        But I can’t commend the public release of such sensitive data in such a place. You can still bury this app and the company without compromising people’s sensitive data. Makes for less of a show and less opportunity to boast, but yeah.

        • Taldan@lemmy.world
          1 up · 6 days ago

          yes devs are either super green or even mostly AI

          Solely blaming the devs tells me you have no experience with Firebase security.

          • Avicenna@lemmy.world
            2 up, 1 down · edited 6 days ago

            No, I don’t, but if Firebase sucks, isn’t it the devs’ job to know this? They might have warned their supervisors and simply been disregarded; that is also another possibility, in which case the blame obviously goes to the higher-ups, not the devs.

    • Taldan@lemmy.world
      13 up · 6 days ago

      That’s exactly what hacking is.

      ’90s hacking movies may have given you a different idea of what cybersecurity looks like, but this is what the real world is like.

      Also, Google deserves a scolding here. Firebase’s default configuration is absolutely atrocious. One of the few critical vulnerabilities I’ve seen where the system is working as intended. Dubbed the hospital gown vulnerability because they leave the backend wide open by default.

      • surewhynotlem@lemmy.world
        7 up, 2 down · 6 days ago

        Firebase’s default configuration

        I’m going to get on my grumpy old man soapbox. I understand making things idiot proof for end users. End users are idiots. But do we have to make things super safe for developers now too? Do we want to add a warning to rm so we don’t accidentally remove the wrong directory?

        Any developer who doesn’t know to check permissions and accessibility on their database deserves to have their AI vibe coding bot taken away.
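The two points above, Firebase leaving the backend open by default (Taldan) and developers needing to check permissions on their own database (surewhynotlem), side by side as Firebase Storage security rules. This is an added illustration, not code from the thread or from the app being discussed; the object path `/id_verification/{userId}/{fileName}` and the cutoff date are assumed placeholders.

```text
// Permissive pattern: the time-limited "test mode" style rule offered when a
// Firebase project is set up. Until the date passes, any client that knows the
// bucket name can read and write every object, with no sign-in required.
rules_version = '2';
service firebase.storage {
  match /b/{bucket}/o {
    match /{allPaths=**} {
      allow read, write: if request.time < timestamp.date(2025, 1, 1); // placeholder date
    }
  }
}

// Least-privilege replacement (assumed path layout): an uploaded ID photo is
// readable and writable only by the signed-in user whose uid is in its path.
// Objects that match no rule are denied, so nothing else in the bucket is
// reachable through the client SDKs.
rules_version = '2';
service firebase.storage {
  match /b/{bucket}/o {
    match /id_verification/{userId}/{fileName} {
      allow read, write: if request.auth != null
                         && request.auth.uid == userId;
    }
  }
}
```

Rules govern client access only; the retention point raised earlier in the thread still stands, since a photo that is deleted once the account is marked verified cannot leak later regardless of the rules.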

      • Avicenna@lemmy.world
        3 up, 2 down · edited 6 days ago

        I mean, this is just writing a script to access a public database; this is not even exploiting a code vulnerability. So there is an area between digital number waterfalls on the screen and accessing a public database which I would consider more like hacking.