Lunduke
News • Science & Tech
Tea App Clone Exposes Driver’s Licenses
Last month the Tea App exposed 60 GB of personal data (including the government ID of users). Now a clone "TeaOnHer" App did the exact same thing. The future is stupid.
August 13, 2025
post photo preview

Last month, we saw the massive data breach of the “Tea App” — a smartphone app for women to talk about men they don’t like — resulting in over 60 GB of personally identifiable data leaked out to the public. Stuff like selfies and pictures of drivers licenses.

Well, it didn’t take long for a “TeaOnHer” App to appear — with the same basic functionality, except this time for men to talk about women they don’t like.

 

And, of course, the developer of “TeaOnHer” made the same basic mistake that the “Tea App” made: They permanently stored a ton of personal information. Including, once again, divers licenses.

You can already see where this is going.

Driver’s Licenses Everywhere

Almost as soon as the “TeaOnHer” app went live, writers for TechCrunch went looking to see if they could easily access any of that data. Because wouldn’t that be crazy if a copy-cat app made the exact same kind of security mistakes as the app it was copying?

What TechCrunch found was that it took no more than around 10 minutes for them to begin accessing pictures of drivers licenses of user accounts.

 

10 minutes!

With a bunch of the usual suspects of bad security being involved: unprotected file storage (in this case, Amazon), public API documentation, and a lack of secured API calls.

Now, unlike the “Tea App” breach — which resulted in massive archives of personal data published all over the web — it isn’t known if these vulnerabilities actually resulted in significant data archives getting out there in the wild.

But, as the writers at TechCrunch put it, “The bugs were so easy to find that it would be sheer luck if nobody malicious found them before we did.”

There’s a Lesson Here… But it Won’t Be Learned

Sure, this “hack” of the “TeaOnHer” App was easy — as was the hack of the “TeaApp” before it. Both of those systems were comically insecure.

But, the reality is, no complex online system is truly secure.

Have a website or App which stores (and publishes) user data? It can be hacked.

And, if there is sufficient interest in obtaining whatever data is being stored, not only can it be hacked… but it will be hacked.

The HaveIBeenPwned site, alone, has documented close to 15 Billion (with a B) accounts which have not only been breached… but reported and (often) made available in some way.

 

And that 15 Billion is only the breached accounts which we know about.

Anyone who works in IT can tell you that the vast majority of data breaches are never discovered. And the majority of those which are discovered… are never disclosed publicly.

Considering that the current population of the Earth is roughly 8 Billion, it’s safe to assume that every single adult on Earth, with an Internet connection, probably has several breached accounts already.

With the frequency, and size, of such data breaches increasing.

Should these Tea Apps have had better security? You bet your tuchus. From the looks of things neither developer spent any significant time trying to implement even the most basic security precautions.

For Pete’s sake, at least try to slow the hackers down a little.

But the real problem here is not the total lack of security — even “good” security can (and will) be overcome.

No.

The real problem is the type of data being permanently stored, in an Internet accessible way, by these services. If a service is likely to be breached (and any significant service is), a key goal is to limit the amount of data which a hacker can gain access to.

Here are a few good rules of thumb when dealing with data being stored on an Internet accessible server:

  • Do not store any more data, at any given moment, than is 100% necessary.

  • If previously stored data is no longer needed, delete it. Completely. Not “flagged” for deletion. Actually deleted.

  • Whatever data you are storing should be encrypted whenever possible.

  • If sensitive personal data absolutely must be stored, for legal and regulatory reasons, consider physical archives stored in a secure location instead of an Internet connected server.

  • And, of course, don’t use unprotected (or barely protected) “cloud” file storage like the numbskull developers of these “Tea” apps did. That never ends well.

Simple guidelines which, if followed, could significantly reduce the negative impact of inevitable data breaches.

But, of course, few online services — big or small — will follow such guidelines. They will continue expanding the quantity of data they store on increasingly complex systems.

Which means we’ll see more and more data breaches — containing an ever increasing amount of personal data.

Welcome to the future.

The stupid, stupid future.

community logo
Join the Lunduke Community
To read more articles like this, sign up and join my community today
5
What else you may like…
Videos
Podcasts
Posts
Articles
Ubuntu Sponsors Rust Clone Foundation

Canonical is the 1st Gold Sponsor (40,000 EUR) of the "Trifecta Tech Foundation", with the goal of replacing existing software with Rust based clones.

Emacs, Vim, & Desqview/X Lunduke Journal Lifetime Walls:
https://x.com/LundukeJournal/status/2072035827996098916

Get on The Wall with a Massively Discounted Lifetime Sub:
https://lunduke.substack.com/p/50-off-yearly-and-massively-discounted

More from The Lunduke Journal:
https://lunduke.com/

00:16:49
Sony Says No More Physical PlayStation Games

"In response to shifting trends in consumer preference, new games will be released on PlayStation Store and at retailers in digital formats only."

Emacs, Vim, & Desqview/X Lunduke Journal Lifetime Walls:
https://x.com/LundukeJournal/status/2072035827996098916

Get on The Wall with a Massively Discounted Lifetime Sub:
https://lunduke.substack.com/p/50-off-yearly-and-massively-discounted

More from The Lunduke Journal:
https://lunduke.com/

00:18:27
Git Without Rust From Dev of XLibre

Two days after Git 2.55 released, with a big step towards requiring Rust, he "Libre-WD40" project released "Git 2.55 without Rust".

Emacs, Vim, & Desqview/X Lunduke Journal Lifetime Walls:
https://x.com/LundukeJournal/status/2072035827996098916

Get on The Wall with a Massively Discounted Lifetime Sub:
https://lunduke.substack.com/p/50-off-yearly-and-massively-discounted

More from The Lunduke Journal:
https://lunduke.com/

00:15:49
November 22, 2023
The futility of Ad-Blockers

Ads are filling the entirety of the Web -- websites, podcasts, YouTube videos, etc. -- at an increasing rate. Prices for those ad placements are plummeting. Consumers are desperate to use ad-blockers to make the web palatable. Google (and others) are desperate to break and block ad-blockers. All of which results in... more ads and lower pay for creators.

It's a fascinatingly annoying cycle. And there's only one viable way out of it.

Looking for the Podcast RSS feed or other links? Check here:
https://lunduke.locals.com/post/4619051/lunduke-journal-link-central-tm

Give the gift of The Lunduke Journal:
https://lunduke.locals.com/post/4898317/give-the-gift-of-the-lunduke-journal

The futility of Ad-Blockers
November 21, 2023
openSUSE says "No Lunduke allowed!"

Those in power with openSUSE make it clear they will not allow me anywhere near anything related to the openSUSE project. Ever. For any reason.

Well, that settles that, then! Guess I won't be contributing to openSUSE! 🤣

Looking for the Podcast RSS feed or other links?
https://lunduke.locals.com/post/4619051/lunduke-journal-link-central-tm

Give the gift of The Lunduke Journal:
https://lunduke.locals.com/post/4898317/give-the-gift-of-the-lunduke-journal

openSUSE says "No Lunduke allowed!"
September 13, 2023
"Andreas Kling creator of Serenity OS & Ladybird Web Browser" - Lunduke’s Big Tech Show - September 13th, 2023 - Ep 044

This episode is free for all to enjoy and share.

Be sure to subscribe here at Lunduke.Locals.com to get all shows & articles (including interviews with other amazing nerds).

"Andreas Kling creator of Serenity OS & Ladybird Web Browser" - Lunduke’s Big Tech Show - September 13th, 2023 - Ep 044
7 hours ago

Not even your headphones are safe!!

For those of you who cannot barbecue tomorrow:

2PM BST (8AM Central) - 'Murica 250 Stream

placeholder
17 hours ago

Ed Zitron on CNBC: Generative AI Doesn't Work, And Big Tech Is Out Of Hypergrowth Ideas - YouTube

He's talking about the financials.

post photo preview
Emacs & Vim Walls almost full!

Quick update on The Lunduke Journal Lifetime Subscriber Walls:

These bad boys are filling up fast. If you don’t have a Lifetime Subscription yet, you can snag one at a mega-ultra-discount right now and get your name on one of these sweet, sweet Walls… show the world your support for The Lunduke Journal!

  1. The Emacs” and “Vim” Lifetime Subscriber Walls are almost full! Which one will be completed first? I expect to announce the victor some time this weekend! If you want to be sure your name gets onto either “Emacs” or “Vim”, let me know very quickly. Like… today.

 
  1. The “Desqview/X” Wall (aka “Wall 17”) launched a few days ago and is off to an awesome start. The first request to add a name to “Desqview/X” arrived literally 2 minutes after I posted it. I can’t blame him. This Wall makes me smile! But there’s still over half of the space left, so you’ve got at least a few days to get your name on this one.

 
  1. The “BeOS R5” Wall has just one spot left. ONE. First come, first served.

Thank you to everyone for the massive outpouring of support for The Lunduke Journal.

If you don’t have your Lifetime Sub yet, get one while they’re discounted!

You make all of this possible!

-Lunduke

Read full Article
Ubuntu 4.10 Wall Full, New Desqview/X Wall, Emacs & Vim update

Hey, all you amazing nerds!

Some quick updates on the Lunduke Journal Lifetime Subscriber Walls (which are just ridiculously fun):

  1. The Emacs” and “Vim” Lifetime Subscriber Walls are filling up fast! If you want get your name on one of these (and push one towards victory over the other), I recommend letting me know pretty gosh darned quickly.

 
  1. The discount for Lifetime Subscriptions has been extended through the end of July… because filling up these Lifetime Walls is fun! This discount makes it easier (and cheaper) for everyone to take part while supporting The Lunduke Journal. If you haven’t grabbed yours yet, pick a Wall (check the bottom of Lunduke.com) and grab a discounted subscription!

  2. The “Ubuntu 4.10” Wall is now full! Check that bad boy out in all it’s super brown glory!

 
  1. We’ve added Wall number 17! The “Desqview/X” Wall! I love this one. Might need to put my own name on it (I can do that, right?)…

 
  1. The “BeOS R5” Wall has enough space left for just a few more names. Maybe 2 or 3. Will be closing that one down soon!

Thank you to everyone for the massive outpouring of support for The Lunduke Journal. You make all of this possible!

-Lunduke

Read full Article
post photo preview
Lunduke's Week in Tech : June 21 - June 27, 2026

Lunduke’s Thoughts of The Week

This week, like most weeks, was an absolute rollercoaster in the world of Computer News (tm). Organizations banning co-founders. Corporations taking away access to media you’ve purchased. Wild stuff. See all of that below.

But let’s get off the crazy Tech News Rollercoaster for a moment, and talk about something truly inspiring. And, importantly, stupidly fun.

I would like to point you towards FujiNet.

I’ve talked about FujiNet before but, if you haven’t looked at it recently, you owe it to yourself.

It is, in part, a WiFi adapter for a wide array of 8-bit computers. Atari, Tandy Color Computer, Apple II, and DOS. But that really doesn’t do these sweet little devices justice.

Because the FujiNet adapters handle all of the internet protocols on-device, they allow such feats of technical wizardry as… using an Apple II to connect to a modern SSH server running on a Linux host. Wild.

The team behind these amazing little gizmos have been working on two new things lately, both of which brought a tremendous smile to my face.

The first is a series of FujiNet programming manuals, and user manuals, for each supported retro computer platform. What’s more… they took the extra effort of making the PDF manuals use the classic styles of each platform’s own manual.

For example: The Apple II FujiNet “Getting Started” manual is designed to look like the old Apple IIc manual. Same with the Coleco Adam manual.

It’s a little touch… but it really tells you a lot about the love these guys have for these classic machines.

The second thing they’ve been building, is a set of Android emulators, for those retro computing platforms, with built-in emulation of the FujiNet itself. So you can, for example, have a “FujiNet” enabled CoCo… online. Emulated on your Android phone/tablet.

Because the team has taken the time to build online multiplayer games — with versions for each computer — you could use an Android phone to emulate a CoCo and play a multiplayer game with someone on an Atari Lynx.

If you’re interested in this retro computing magic, I recommend following Thomas Cherryhomes on X. He regularly posts goodies related to FujiNet. And, honestly, it’s just too much fun for words.

Biggest Tech Stories - June 14 - June 20, 2026

Here are the major stories from the last week, with direct links to X and Substack.

See Lunduke.com for all other platforms (Rumble, RSS Audio Podcast, etc.).

  • Which Operating Systems Are Refusing to Do Age Verification? (X, Substack)

  • Paid Minimalist Brave Browser? Yes, Please! (X, Substack)

  • Wikipedia Bans Wikipedia Co-Founder For Saying Wikipedia Should be Neutral (X, Substack)

  • XLibre, the “Vanity, Protest Fork” of Xorg, Has Yet Another Major New Release (X, Substack)

  • XFCE’s Wayland “Preview Release” is Horribly, Expectedly Broken (X, Substack)

  • Sony PlayStation Deleting Purchased Movies (X, Substack)

Huge thank you to all of The Lunduke Journal’s subscribers. You make all of this possible.

-Lunduke

 
Read full Article
See More
Available on mobile and TV devices
google store google store app store app store
google store google store app tv store app tv store amazon store amazon store roku store roku store
Powered by Locals