News Link • Hacking, Cyber Security
Tea App Clone Exposes Driver's Licenses
• https://lunduke.substack.com, Bryan Lunduke
Last month, we saw the massive data breach of the "Tea App" — a smartphone app for women to talk about men they don't like — resulting in over 60 GB of personally identifiable data leaked out to the public. Stuff like selfies and pictures of driver's licenses.
Well, it didn't take long for a "TeaOnHer" App to appear — with the same basic functionality, except this time for men to talk about women they don't like.
And, of course, the developer of "TeaOnHer" made the same basic mistake that the "Tea App" made: they permanently stored a ton of personal information. Including, once again, driver's licenses.
You can already see where this is going.
Driver's Licenses Everywhere
Almost as soon as the "TeaOnHer" app went live, writers for TechCrunch went looking to see if they could easily access any of that data. Because wouldn't that be crazy if a copy-cat app made the exact same kind of security mistakes as the app it was copying?
What TechCrunch found was that it took no more than around 10 minutes for them to begin accessing pictures of the driver's licenses attached to user accounts.
10 minutes!
The usual suspects of bad security were all involved: unprotected file storage (in this case, on Amazon's cloud), API documentation that was left publicly accessible, and API calls that were not properly secured.
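To make that last item concrete, here is an added example (written for this page, not code from the article, TechCrunch, or either app) of what an "unsecured API call" for ID documents looks like next to a hardened version. Everything in it is constructed: the account names, document ids, session tokens, object paths and the signing key are assumptions for illustration, not anything taken from TeaOnHer or Tea. The vulnerable handler hands out the storage path for any document id a caller can guess; the hardened one requires a session, checks that the document belongs to the caller, and returns a short-lived signed URL to a private object instead of a permanent public one.

```python
"""Added example: object-level authorization and signed URLs for ID images.
All data below is constructed; endpoint names and keys are assumptions."""
import hmac
import hashlib
import time

# Constructed sample data: which uploaded ID image belongs to which account.
DOCUMENTS = {
    "doc-1001": {"owner": "alice", "key": "ids/alice-license.jpg"},
    "doc-1002": {"owner": "bob", "key": "ids/bob-license.jpg"},
}
SESSIONS = {"tok-alice": "alice", "tok-bob": "bob"}  # bearer token -> user
SIGNING_KEY = b"server-secret-for-illustration-only"  # assumption, not real


def vulnerable_get_document(doc_id):
    """The unsecured pattern: no authentication, no ownership check.
    Anyone who can guess or enumerate a document id (for example, from
    exposed API docs) gets the object path, and if the bucket behind it
    is world-readable that path is all an attacker needs."""
    doc = DOCUMENTS.get(doc_id)
    return None if doc is None else doc["key"]


def sign_url(key, expires_at):
    """HMAC over the object key and expiry so the URL cannot be altered."""
    msg = f"{key}:{expires_at}".encode()
    return hmac.new(SIGNING_KEY, msg, hashlib.sha256).hexdigest()


def make_signed_url(key, ttl_seconds=60, now=None):
    """Time-limited, signed reference to a private object, in place of a
    permanent public URL that lives as long as the file does."""
    now = int(time.time()) if now is None else now
    expires_at = now + ttl_seconds
    return f"/private/{key}?exp={expires_at}&sig={sign_url(key, expires_at)}"


def verify_signed_url(url, now=None):
    """Return the object key if the signature is valid and the URL has not
    expired; otherwise None. This is what the storage front-end would run."""
    now = int(time.time()) if now is None else now
    path, _, query = url.partition("?")
    if not path.startswith("/private/"):
        return None
    key = path[len("/private/"):]
    params = dict(p.split("=", 1) for p in query.split("&") if "=" in p)
    try:
        expires_at = int(params["exp"])
    except (KeyError, ValueError):
        return None
    if now >= expires_at:
        return None
    expected = sign_url(key, expires_at)
    if not hmac.compare_digest(params.get("sig", ""), expected):
        return None
    return key


def hardened_get_document(bearer_token, doc_id, now=None):
    """Authenticate the caller, then perform an object-level ownership check
    before issuing a short-lived signed URL. Returns (status, body)."""
    user = SESSIONS.get(bearer_token)
    if user is None:
        return 401, "authentication required"
    doc = DOCUMENTS.get(doc_id)
    # Same response for "missing" and "not yours" so ids cannot be enumerated.
    if doc is None or doc["owner"] != user:
        return 404, "not found"
    return 200, make_signed_url(doc["key"], now=now)


if __name__ == "__main__":
    print("vulnerable:", vulnerable_get_document("doc-1002"))
    print("anonymous :", hardened_get_document(None, "doc-1002"))
    print("cross-user:", hardened_get_document("tok-alice", "doc-1002"))
    print("owner     :", hardened_get_document("tok-alice", "doc-1001"))
```

The authorization check is the part that matters; the signed URL only limits the damage if a link leaks. Neither helps with the other mistake the article calls out, which is keeping the license image at all: once identity has been verified, the image should be deleted rather than stored permanently.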
Now, unlike the "Tea App" breach — which resulted in massive archives of personal data published all over the web — it isn't known if these vulnerabilities actually resulted in significant data archives getting out there in the wild.
But, as the writers at TechCrunch put it, "The bugs were so easy to find that it would be sheer luck if nobody malicious found them before we did."
There's a Lesson Here… But it Won't Be Learned
Sure, this "hack" of the "TeaOnHer" App was easy, as was the hack of the "Tea App" before it. Both of those systems were comically insecure.
But, the reality is, no complex online system is truly secure.
Have a website or App which stores (and publishes) user data? It can be hacked.
And, if there is sufficient interest in obtaining whatever data is being stored, not only can it be hacked… but it will be hacked.