if im understanding correctly this was a public bucket? aside from the obvious leaking of data couldnt this also be subject to a DoW (denial of wallet) attack where a user could auto download all the images constantly on a VPS and cause a massive bill?
chneu|7 months ago
So...they were storing people's information long term in a publically accessible bucket when users did not know. In fact, I believe users were told their IDs/selfies were immediately deleted(not stored), then Tea turned around and says they were legally required to store those photos. Tea had to address this in their press release, apparently.
nonhaver|6 months ago