E84 - AI Drama | Brazil's Lesbian Dating App Disaster: AI Security Flaw

Brazil’s Lesbian Dating App Disaster: AI Security Flaw

🎧 Listen now:

👉 Spotify https://open.spotify.com/episode/249ZA6nHHoKmaiGYqY6Jum?si=91mGWjWJT-ur14At1KWpjA&nd=1&dlsi=a9615ac3d72642d5

👉 Apple Podcasts https://podcasts.apple.com/at/podcast/brazils-lesbian-dating-app-disaster-ai-security-flaw/id1846704120?i=1000732455609

💔 Description

Marina thought she finally found safety.

A lesbian dating app in Brazil — built by queer women, for queer women.

Manual verification. No fake profiles. No men.

Then everything went wrong.

In September 2025, Sapphos launched as a sanctuary with government-ID checks.

Within 48 hours, 40,000 women downloaded it.

A week later, a catastrophic flaw exposed the most sensitive data of 17,000 users — IDs, photos, names, birthdays.

🔍 One researcher discovered he could view anyone’s profile just by changing a number in a URL.

That’s how fast “safety” can vanish when speed beats security.

🧠 What This Episode Covers

This episode of AI Drama investigates how AI-generated code, underqualified devs, and “vibe coding” collided with a vulnerable community.

It’s not a takedown of two activists — it’s a warning about asking for extreme trust without professional security.

🎓 You’ll Learn

• How a single IDOR-style bug leaked government IDs and photos
• Why AI-generated code often ships with hidden flaws
• The unique threats LGBTQ+ apps face in high-violence regions
• What happened after the founders deleted evidence of the breach
• How to spot red flags before uploading your ID anywhere

⚠️ The Real Stakes

🇧🇷 Brazil remains one of the most dangerous countries for LGBTQ+ people.

Lesbian and bisexual women face three times higher rates of violence than straight women.

For many Sapphos users, being outed wasn’t embarrassing — it was life-threatening.

🧩 What Went Wrong

• Identity checks increased trust — but concentrated risk
• When one app collects IDs, selfies, and locations, a single bug exposes everything
• AI sped up insecure coding — ~45 % of AI-generated code has vulnerabilities
• No audits, no penetration tests, poor access control
• Logs deleted → evidence erased
• Communication failed: instead of transparency, users saw silence and denial

🚨 Red Flags Before Trusting an App

✅ Verified security audits (SOC 2 / ISO 27001)

✅ Transparent privacy policy + deletion options

✅ Minimal data collection — no unnecessary IDs

✅ Public security contact or bug-bounty page

✅ Experienced, visible founding team

❌ Avoid apps claiming “100 % secure” or “completely private”

🛡️ Safer Habits

🔑 Use unique emails + a password manager

🕵️ Prefer privacy-preserving verification methods

📍 Turn off precise location & strip photo metadata

🆔 After any breach: change credentials, rotate IDs if possible, monitor credit

💬 Notable Quotes

“Marina’s only ‘mistake’ was trusting people who promised protection.”

“The lesson isn’t don’t build — it’s don’t build insecure. Demand proof, not promises.”

📊 Select Facts

• ~45 % of AI-generated code shows security flaws
• LGBTQ+ users face more online harassment
• Brazil records one LGBTQ+ person killed every ~48 hours

🎙️ AI Drama is a narrative-journalism podcast about the human cost when technology fails those who trust it most.

Hosted by Malcolm Werchota.