The dating app that doxxed 72,000 women...
Duration
3:52
Captions
1
Language
EN
Published
Jul 30, 2025
Description
Get up to 67% off VPS at Hostinger. Use code FIRESHIP for an extra discount at https://hostinger.com/fireship In today's video, we'll find out how the tea app was compromised and look at all the hilarious stuff developers have been building with the hacked data. #teaapp #tech #coding #programming 💬 Chat with Me on Discord https://discord.gg/fireship 🔗 Resources https://techcrunch.com/2025/07/26/dating-safety-app-tea-breached-exposing-72000-user-images/ 🔥 Get More Content - Upgrade to PRO Upgrade at https://fireship.io/pro Use code YT25 for 25% off PRO access 🎨 My Editor Settings - Atom One Dark - vscode-icons - Fira Code Font 🔖 Topics Covered - How the Tea app got hacked - Who is Sean Cook? - How to not set up Firebase - Online Safety Act - Did vibe coding cause the Tea app hack?
Captions (1)
Last week, one of the most revolutionary
dating apps for women, T, shot to the
top of the App Store download charts and
then immediately imploded after one of
the most embarrassing data breaches of
all time. Te is an app that can only be
used by women to dox and gossip about
men that they've gone out with on dating
sites to warn other women about bad
behavior before they go on a date. That
means if you're one of the top 5% of
desirable males who get 80% of the women
on apps like Tinder, they're probably
talking about you on tea. Unfortunately,
on July 25th, T confirmed unauthorized
access to a legacy Firebase storage
bucket that was left completely and
egregiously insecure. Around 72,000
images were compromised, 13,000 selfies,
and ID photos. Then, just days later,
another database was hacked that
allegedly contains over 1.1 million
shared posts, comments, and direct
messages. In today's video, we'll find
out how this app was compromised and
look at all the hilarious stuff
developers have been building with the
hack data. It is July 30th, 2025, and
you're watching the Code Report. The
world is changing quickly. Just days
ago, age verification for adult websites
went into effect in the UK, and similar
laws are also now in place in a handful
of US states. We live in a dystopian
world where Gooners now need to get
permission from the government just for
the privilege to goon online. Protecting
kids from degenerate content is a good
thing, but it's only a matter of time
before one of these age verification
data sets gets hacked. A tea app, which
requires women to verify that they're
women by taking a selfie with their ID,
is a perfect example. It was cooked up
by Shawn Cook, a male developer with
over 6 months of coding under his belt,
according to LinkedIn. But now, his app
is cooked after this massive data breach
was dumped on 4chan. And it's kind of
sad that an app meant to help women stay
safe ended up harming them instead.
4chan anons played the Uno reverse card
when thousands of selfies of users on
the T app were dumped and subsequently
spread across the internet. And people
are continuing to roast these tea users
as we speak. The users of this app and
the victims of the breach are being
referred to as roasties. Vibe coders saw
an opportunity to build all sorts of
ridiculous apps based on this data. Like
one guy used Python to do a detailed
data exploration while another used
JavaScript to take the location data
from the hacked images and plot it on
Google Maps while another person made a
website to rank them based on their
looks. After the breach went viral, the
T team released a statement which was
basically a non-apology with a bunch of
corpo speak that explained how a legacy
data storage system was penetrated
non-consensually. What's especially
egregious about this breach though is
that the data was kept in a Firebase
storage bucket. It completely
unencrypted and unsecured just waiting
to be found by someone on the internet.
And you actually have to go out of your
way to screw up Firebase this bad
because you get tons of warnings when
you have a bucket or database with rules
set to public along with email reminders
that tell you anyone can access this
data. In addition, in the UI, they tell
users that they will delete your selfie
after the verification process is done,
but it appears that wasn't the case.
They were either lying or just highly
incompetent as some have speculated that
the app itself is just vibecoded slop,
but I think that's highly unlikely
because not even AI would screw up
Firebase this bad. But between your AI
coding agent bills, your AI girlfriend
bills, and your cloud hosting bills,
it's never been more expensive to be a
10x developer, which is why you should
check out Hostinger, the sponsor of
today's video. Their virtual private
servers will give you the power and
flexibility to run whatever you want
without locking you into someone else's
platform. And for less than 10 bucks per
month, you get a respectable two CPUs
and 8 GB of RAM. You can see how they
have a bunch of operating systems to
choose from. Or you could go with a
pre-installed template like this one
from Koolifi, which lets you easily
deploy any framework like Nex.js or
Astro. If you want freedom from our
serverless overlords and a great
developer experience, check out
Hostinger at the link below for an even
bigger discount. This has been the code
report. Thanks for watching and I will
see you in the next one.