GNU social JP
GNU social JP is a Japanese GNU social server.
Conversation

Notices

    Michał "rysiek" Woźniak · 🇺🇦 (rysiek@mstdn.social)'s status on Sunday, 27-Jul-2025 00:54:21 JST

    Oh I see the absurdly, negligently insecure Tea app is now getting the "hackers hacked" treatment, so that it can comfortably deflect blame to some unspecified scary hackers?

    Cool, cool.

    *takes out a bullhorn*

    📢 Tea kept drivers license photos of thousands of women in an unprotected Google Firebase storage bucket.

    📢 Centering "hackers" means helping let those responsible for the horrendous negligence at Tea off the hook.

    👏 There is no "hack", only other people's negligence.

    #InfoSec #Tea


    Attachments


    1. https://media.mstdn.social/media_attachments/files/114/919/037/879/780/551/original/283a0ad8bdfd3a2a.png
    • djsumdog (djsumdog@djsumdog.com)'s status on Sunday, 27-Jul-2025 00:55:02 JST
      There's plenty of blame to go around, including any idiot who lets anyone scan their ID for almost any purpose.
    • Michał "rysiek" Woźniak · 🇺🇦 (rysiek@mstdn.social)'s status on Sunday, 27-Jul-2025 02:01:15 JST

      Some people seem to need a bit of clarification, so here it is:

      The petty Internet trolls who found this open Google Firebase storage bucket and publicized the data contained within are reprehensible. They acted maliciously. They are responsible for what they did.

      But this is not an APT-level attack. This is some Internet rando stumbling into a trove of personal data left publicly exposed by the negligent company responsible for its safe-keeping.

      Focusing on the rando ignores the core issue.

    • Michał "rysiek" Woźniak · 🇺🇦 (rysiek@mstdn.social)'s status on Sunday, 27-Jul-2025 02:01:16 JST

      You need a headline for the story about the Tea app leak?

      How about:

      👉 Negligence at Tea Puts 13.000 Women in Danger

      👉 Tea App Put Drivers License Photos of 13.000 Women Publicly on the Internet

      👉 Tea Failed to Secure Drivers License Photos of 13.000 Women

      It's *that easy* not to help deflect blame from whoever is actually responsible for 13.000 women now having to deal with their personal details and photos being pored over by the last people they'd like to have access to them.

    • Michał "rysiek" Woźniak · 🇺🇦 (rysiek@mstdn.social)'s status on Sunday, 27-Jul-2025 02:01:17 JST

      I've been on this soapbox for years and I ain't stepping down off of it:
      https://rys.io/en/155.html

      This kind of "hackers hacked" bullshit is why we have shit cybersecurity laws that end up penalizing reverse engineering and security researchers instead of negligent companies putting out insecure products and services.

      Remember the Polish trains DRM scandal? When experts showed that Newag's trains had illegal DRM, Newag explicitly used their self-identifying as "hackers" to smear them in media.

    • Tekniquelly correct (tek@freeradical.zone)'s status on Sunday, 27-Jul-2025 02:23:41 JST
      in reply to marius

      @mariusor @rysiek I’d contend that Tea are the ones who released the information. The attacker just pointed a sign at the already open door. It seems likely that others were already walking through it.

    • marius (mariusor@metalhead.club)'s status on Sunday, 27-Jul-2025 02:23:43 JST

      > Negligence at Tea Puts 13.000 Women in Danger

      @rysiek totally agree, but the people that released the information are definitely guilty of a lot more than just being incompetent, they're actively and unequivocally assholes... please let's try not to lionize them due to some misguided sense of pedantry about what hackers are or do.

      There is such a thing as responsible disclosure after all.


GNU social JP is a social network, courtesy of GNU social JP管理人. It runs on GNU social, version 2.0.2-dev, available under the GNU Affero General Public License.

All GNU social JP content and data are available under the Creative Commons Attribution 3.0 license.