It's concerning that these type of leaks keep happening. Outside of the damage from leaking personal information, they also lower public confidence in trying out new apps. Vibe coding is making it more difficult for app makers in general when users can't trust that their personal information is protected.
> Images of these driver’s licenses are publicly accessible web addresses, allowing anyone with the links to access them using their web browser.
> TechCrunch also identified a potential second security issue, in which an email address and plaintext password belonging to the app’s creator, Lampkin, was left exposed on the server
> While the app requests IDs and selfies from its users to verify their identities — a process that is not automatic — users can access a “guest” view of the app without signing in.
Is this just bad development? Are these just things could be missed by any developer or team?
I'm curious as someone who would like to create side projects with users (albiet not dubious ones these like apps) but I'm always afraid of a glaring security flaw that would be basic 101 of web development.
Has anybody tried a GDPR request against either this app or tea? My name, or any personally identifiable data is PII by definition, and GDPR gives me an absolute right to view anything they've got associated with my PII, which would include any posts
20 comments
[ 0.26 ms ] story [ 40.2 ms ] threadIt helps the argument that anyone you’d want to meet is not on a dating app.
Interesting that they've gone from reporting about flaws others found to hunting and hacking themselves.
> TechCrunch also identified a potential second security issue, in which an email address and plaintext password belonging to the app’s creator, Lampkin, was left exposed on the server
> While the app requests IDs and selfies from its users to verify their identities — a process that is not automatic — users can access a “guest” view of the app without signing in.
Is this just bad development? Are these just things could be missed by any developer or team?
I'm curious as someone who would like to create side projects with users (albiet not dubious ones these like apps) but I'm always afraid of a glaring security flaw that would be basic 101 of web development.
Of course, it's also probably leaking information about the victims of the gossip as well. Shame about that.