by nonhaver 324 days ago
If I'm understanding correctly, this was a public bucket? Aside from the obvious leaking of data, couldn't this also be subject to a DoW (denial of wallet) attack, where a user could auto-download all the images constantly on a VPS and cause a massive bill?

According to the company, this was an old bucket they used prior to 2024, when they moved to a more robust system.

So... they were storing people's information long term in a publicly accessible bucket when users did not know. In fact, I believe users were told their IDs/selfies were immediately deleted (not stored), then Tea turned around and said they were legally required to store those photos. Tea had to address this in their press release, apparently.

That's so insane.