this post was submitted on 25 Jul 2025
642 points (98.1% liked)

Technology

76364 readers
1568 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related news or articles.
  3. Be excellent to each other!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
  9. Check for duplicates before posting, duplicates may be removed
  10. Accounts 7 days and younger will have their posts automatically removed.

Approved Bots


founded 2 years ago
MODERATORS
 

Users from 4chan claim to have discovered an exposed database hosted on Google’s mobile app development platform, Firebase, belonging to the newly popular women’s dating safety app Tea. Users say they are rifling through peoples’ personal data and selfies uploaded to the app, and then posting that data online, according to screenshots, 4chan posts, and code reviewed by 404 Media.

you are viewing a single comment's thread
view the rest of the comments
[–] sp3ctr4l@lemmy.dbzer0.com 104 points 3 months ago* (last edited 3 months ago) (2 children)

Wow that was fast.

I did not even know this app existed untill about 8 hours ago.

Already comprimised.

EDIT: Also, lol, this arguably is not even largely a hack.

These idiots just had everything stored in a fucking publically accesible firebase bucket... amazing.

They didn't delete anything they claimed to.

Either way you look at it, anywhere on the spectrum from:

A ] A bunch of women reasonably concerned for their safety

B ] A bunch of gossip mongers

... well, they've now all been doxxed, ironic from each angle.

What a fucking disaster.

[–] jwmgregory@lemmy.dbzer0.com 6 points 3 months ago (1 children)

if that’s truly how the leak happened then these people, in any reasonable jurisdiction, would be considered criminally negligent, at the least.

yay compsci ethics courses :D

boo courts failing to uphold the law >:(

[–] sp3ctr4l@lemmy.dbzer0.com 5 points 3 months ago

Hooray two tiered legal system, huzzah!

/s/s/s

[–] JackbyDev@programming.dev 2 points 3 months ago (2 children)

this arguably is not even largely a hack.

While I agree in principle, I think we should still call it a hack. As in "to gain illegal access to (a computer network, system, etc.)" as Merriam-Webster puts it. It shouldn't be legal to do do this just because the website had horrible (non-existent) security. You shouldn't be allowed to rob a house just because the door wasn't locked.

[–] DreamlandLividity@lemmy.world 1 points 3 months ago* (last edited 3 months ago) (1 children)

At which step should it turn illegal? You accessing publicly available website? How exactly are you to know if it is supposed to be public or not, if there is not even an attempt at security?

[–] JackbyDev@programming.dev 2 points 3 months ago (1 children)

The thing is we don't need to come up with some absolute definition of what should and shouldn't be illegal to talk about this case specifically. They didn't accidentally stumble on this. They doxxed the users instead of responsibly disclosing the problem. This is extremely cut and dry.

If the story here was "I mistyped something and got to a page I shouldn't have access to, I disclosed it to the company, didn't dox anyone by sharing the problem, and now the FBI is after me" it would be different.

[–] DreamlandLividity@lemmy.world 1 points 3 months ago* (last edited 3 months ago) (1 children)

They were looking through publicly accessible buckets on firebase. They literally did stumble upon this by accident while going through public data. And then just told other people about what they found. Should they have disclosed it once they realized what it was instead of spreading it? Sure, morally speaking. But I don't see how you could write a law to make this illegal without just trampling on free speech.

[–] JackbyDev@programming.dev 1 points 3 months ago (1 children)

And then just told other people about what they found.

That's a weird way to say they doxxed people instead of ethically disclosing what they found. Hiding that detail is why I have a problem with defending this.

If someone steals something they didn't know belonged to someone (say through an unlocked door), should we prosecute them? I don't know. What did they do next after they found out they shouldn't be there? Did they give it back and tell the building owners "hey, you have an unlocked door" or did they yell to the street "hey everyone, come get free stuff!" How did they behave once they knew they did something wrong.

[–] DreamlandLividity@lemmy.world -1 points 3 months ago* (last edited 3 months ago) (1 children)

From what I have seen, they initial guys shared a link to the database, not any content. The equivalent of telling people: "Look at this unlocked door I found." They did not "steal" anything as far as I know.

Also, the analogy doesn't work either. What if it really was intended to be public? Making a copy is not analogous to stealing something, it's analogous to taking a picture.

PS: Maybe to make it clearer what I am thinking of. A real court case that happened: A person found a bunch of documents on a government website, just sitting there. He decided to share them. Turns out they were not supposed to be public. The government tried to prosecute the guy who had no idea the files were not public. They thankfully lost.

How can it be the responsibility of a person to try to figure out if these files are supposed to be public or are public on accident? Yes, these guys had a good guess that this was an accident, but so what. We don't prosecute people for having good guesses.

[–] JackbyDev@programming.dev 1 points 3 months ago (1 children)

Damn, do you think this link I found that has a ton of women's drivers licenses is supposed to be public? Better share it to 4chan. They'll know what to do.

[–] DreamlandLividity@lemmy.world 0 points 3 months ago* (last edited 3 months ago) (1 children)

So it's just about the drivers licenses? We should make a law to ban sharing drivers licenses? Or is it posting to 4chan that should be illegal?

What do you believe should be the law here? You just keep arguing this specific case should be illegal, but based on what? Which specific part?

[–] JackbyDev@programming.dev 0 points 3 months ago (1 children)

When did this ever become about what laws should be? There already are laws for this. How are you so obtuse? They doxxed thousands of women. I can't stress that enough. They doxxed thousands of women and you're defending them.

[–] DreamlandLividity@lemmy.world 0 points 3 months ago* (last edited 3 months ago) (1 children)

Not legally, no they didn't. Tea did. Under current laws, they have no obligation to report this or to not tell other people about it.

Seems the issue is you don't understand how laws work.

[–] JackbyDev@programming.dev 0 points 3 months ago (1 children)

No need to be condescending. The current laws about hacking in America are actually much more strict than they should be and can be used to punish people who actually do just stumble on things they shouldn't have access to as well as people who are ethical whistle blowers. So no, it seems you don't "how laws work."

But I don't believe those laws should be used to go after people who make mistakes or report problems in good faith. These folks didn't make an innocent mistake and weren't acting in good faith.

[–] db2@lemmy.world 0 points 3 months ago (1 children)

This is more like the door was left open and the lights were on, and you took pictures of the artwork on the entryway walls and then left.

[–] JackbyDev@programming.dev 0 points 3 months ago

Except it wasn't artwork, it was driver's licenses. You know, things you obviously shouldn't have access to.