PLEAT

Don’t Spill the Tea

The importance of database protection


This past week (end of July 2025), the Tea dating advice app, designed for women to share reviews and flags about men they've dated, faced a major data breach. Hackers accessed and leaked over 72,000 images, including user selfies and ID photos, highlighting vulnerabilities in apps handling sensitive personal data.

What Occurred

The breach came to light when users on 4chan claimed to have found an exposed database, posting thousands of images online. Tea confirmed the hack, stating that unauthorized access affected around 72,000 photos, with 13,000 being verification selfies submitted before February 2024. The app, which requires selfies for new accounts, said it involved a legacy database and has since secured its systems. Company representatives engaged cybersecurity experts and notified affected users.

The issue appears to have occurred due to a misconfiguration of the Firebase data bucket used to store users' photos and IDs. The bucket was left open to the public, with no authentication required to access it. This should have been caught by the developers as an obvious security vulnerability.
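To make this kind of misconfiguration catchable before release, here is an added example (not code from Tea or from Pleat) of a small check that scans a Firebase Security Rules file for Cloud Storage and reports paths readable without authentication. It assumes bucket access is governed by such a rules file; the sample rules and the name `find_public_reads` are constructed for illustration.

```python
import re

# Constructed sample rules (not Tea's real configuration): an open legacy path
# beside an owner-only path.
SAMPLE_RULES = """
rules_version = '2';
service firebase.storage {
  match /b/{bucket}/o {
    match /legacy/{allPaths=**} {
      allow read: if true;  // anyone on the internet can read
    }
    match /verification/{userId}/{fileName} {
      allow read, write: if request.auth != null && request.auth.uid == userId;
    }
  }
}
"""

# One token per alternative: "match <path> {", a bare "{", "}", or an allow statement.
TOKEN = re.compile(
    r"\bmatch\s+(?P<path>\S+)\s*\{|(?P<open>\{)|(?P<close>\})"
    r"|\ballow\s+(?P<methods>[\w\s,]+?)\s*(?::\s*if\s+(?P<cond>[^;]+))?;"
)
READ_METHODS = {"read", "get", "list"}


def find_public_reads(rules: str) -> list[tuple[str, str]]:
    """Return (path, reason) for allow statements that grant reads without auth."""
    rules = re.sub(r"//[^\n]*|/\*.*?\*/", "", rules, flags=re.S)  # strip comments
    stack, findings = [], []
    for m in TOKEN.finditer(rules):
        if m["path"]:
            stack.append(m["path"])
        elif m["open"]:
            stack.append("")  # e.g. the "service" block; adds nothing to the path
        elif m["close"]:
            if stack:
                stack.pop()
        else:
            methods = {name.strip() for name in m["methods"].split(",")}
            cond = (m["cond"] or "").strip()
            if not methods & READ_METHODS or "request.auth" in cond:
                continue
            # Heuristic: a helper function that checks auth is reported too.
            reason = ("unconditional read" if cond in ("", "true")
                      else "read condition never references request.auth")
            findings.append(("".join(stack), reason))
    return findings
```

Run against the project's rules file in CI, a non-empty result is a reason to fail the build until each reported path is reviewed.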

The Broader Effects

The leak eroded trust in Tea, an app that surged to the top of app stores for its community-driven advice. Women users faced real risks, with personal images and IDs exposed, potentially leading to harassment or identity theft. It also sparked legal questions around data privacy and app responsibilities. For the tech industry, this adds to growing concerns about data security in user-generated platforms, especially as “vibe coded” apps are increasingly being built with AI tools, which can lead to misconfigurations and default settings left in place.

Key Takeaways

  • Secure data storage is critical, particularly for apps dealing with sensitive info; use encryption and regular audits to prevent exposures.
  • Legacy systems can be weak points; migrate and update them proactively.
  • Check default settings and configurations, especially on databases and their protections.
  • User verification processes, while helpful, need strong protections to avoid becoming liabilities.
  • As AI tools help build apps faster, ensuring security from the start is essential to avoid breaches that undermine user safety.

How Pleat Supports AI-Generated Apps

Pleat focuses on polishing AI-created code to production standards, including beefing up security to dodge issues like the Tea leak. We review for vulnerabilities in data handling and add necessary security, blending automation with human expertise. This helps developers create reliable apps that protect user data without stifling innovation.

Whether your app was built with AI or involves AI features, Pleat ensures it's locked down and ready for real users.

Wrapping Up

The Tea breach serves as a reminder of how quickly data mishaps can spiral in modern apps. By prioritizing security, especially in AI-assisted development, teams can build trust and avoid pitfalls. If you're refining an AI-generated app, check out Pleat to get it production-ready. Visit us for more on secure app building.