Tea and Fitify apps leak user photos; Proton takes Apple to court; Approov raises £5M to boost API protection - plus key webinar on securing mobile apps.
Tea Dating App Breach Bigger Than Previously Thought
Dating safety app Tea has suffered a major breach exposing approximately 72,000 user images - including 13,000 selfies and ID documents used for account verification - and 59,000 additional images from posts, comments, and direct messages. The exposed content reportedly appeared briefly on 4chan and revealed deeply personal conversations, sparking debate over the app’s infrastructure, data retention policies, and the illusion of anonymity on platforms promising user safety. (Image credit: Koshiro K - stock.adobe.com)
Approov Secures £5M Series A to Accelerate Mobile App and API Security for the AI Era
Approov has closed a £5 million Series A funding round led by the IFS and Maven Capital Partners, with participation from Souter Investments, Lanza techVentures, and Scottish Enterprise. This funding milestone enables us to bolster our R&D team in Edinburgh, driving the creation of advanced technologies to secure mobile applications and APIs against evolving threats in real time, including those powered by AI.
McDonald’s Job Applicant Data Exposed via Internal API Flaw
A major flaw in McDonald’s third-party recruitment chatbot exposed sensitive data of over 64 million applicants worldwide. An unauthenticated API allowed access to personal details without login, underscoring the risks of weak API security in outsourced HR platforms.
Webinar | August 21: Integrating Mobile Security with Traditional App Sec
Discover how to fully validate every mobile API request and stop fake apps, scripts, bots, and scrapers in their tracks. In this webinar, you'll learn a fast, effective way to authenticate every backend request at runtime - leveraging the app security infrastructure you already have. No major changes. Just better protection, instantly.
A fitness app with over 25 million users has accidentally exposed a staggering 373,000 files, including 138,000 progress photos and 6,000 body scans, in an unsecured Google Cloud bucket - no passwords, no encryption, no protection. Even more troubling? Hard‑coded API keys and client secrets for Google, Firebase, Facebook and Algolia lurked in the app’s code, creating multiple attack vectors.
Privacy-focused App Maker Proton Sues Apple Over Alleged Anticompetitive Practices and Fees
Proton is suing Apple, alleging anticompetitive practices that harm developers, users, and digital freedoms. The case challenges Apple’s control over app distribution and payments, citing high fees, restrictive rules, and limits on privacy tools. Proton joins a broader class-action push for App Store reform and warns of Apple’s role in enabling censorship.
