TL;DR
- Alex Slater, 19, built Quittr — a porn addiction recovery app — in 10 days
- First month: $3,000 turned into $37,000 in revenue
- 6 months: $1.1M total, $250K/month MRR, 350,000 downloads, 120 countries
- One TikTok: 10 million views, $100K revenue
- The entire time: 600,000 users’ most private data was publicly readable in Firebase
- He was warned for months. He denied it. A journalist forced the fix.
Alex Slater was 19, had dropped out of university, and had never shipped a real product. He built Quittr in 10 days.
Not a landing page. Not an MVP. A full app — live, distributed, taking payments, growing. He started coding at 17, taught himself, and had enough skill to move fast with the AI tools available to anyone today. He and his co-founder Connor launched in late 2024 with $3,000 between them.
That first month, they made $37,000.
How It Grew
Quittr is a recovery app for porn addiction. That’s not a comfortable category to build in. Alex went where his users already were: Reddit communities built around self-improvement and NoFap. He didn’t wait for press coverage or cold outreach — he found the people with the problem and showed them the solution.
Then TikTok happened. One video. 10 million views. $100,000 in revenue from a single piece of content.
Oprah’s Facebook page mentioned Quittr. More downloads. More press.
Six months after that $3,000 start: 350,000 downloads across 120 countries. $1.1M in total revenue. $250,000 per month. No venture capital. Just two founders and the tools available to anyone.
This is the vibe-coding dream — move fast, ship real software, find distribution, and scale.
What Was Running Underneath
While all of this was happening, Quittr’s Firebase database was misconfigured.
The security rules were set to allow anyone with authentication to read and write the data. On Quittr’s platform, that means anyone could access 600,000+ users’ records. It means 100,000 confirmed minors had their data exposed. The records included age, masturbation habits, emotional struggles, and pornography preferences.
This is the private data of people trying to change their lives. It sat open.
Security researchers contacted Quittr in September — months before the story broke. Quittr denied there was an issue. More researchers found it. More warnings were sent. Quittr denied it again.
In March 2026, 404 Media published an investigation. The database was finally secured.
The Lesson That Actually Matters
This story gets told two ways, and both are incomplete on their own.
The first version: a 19-year-old built a million-dollar app with no VC, no team, in 10 days. Proof that the tools have changed. Proof that the gatekeepers are gone. That version is true.
The second version: those same 600,000 users trusted an app with their most sensitive personal data, and the founders shipped so fast they didn’t notice the front door was open — then actively denied it when told. That version is also true.
The real lesson is the gap between the two. Building has never been easier. Moving fast creates real leverage. And responsibility now scales with distribution in a way that “I’m just one developer” no longer protects you from. When your app reaches 350,000 people in 120 countries, those 350,000 people are real. Their data is real. The security decisions you made at day 10 still apply at month 6.
Alex Slater built something impressive. The infrastructure caught up with the growth. Most apps that move this fast just quietly stay small — they never face the moment where scale exposes the shortcuts. Quittr did, and it went poorly for the users who trusted it.
The opportunity is real. The speed is real. The cost of moving fast without looking back is also real — and it doesn’t scale the same way revenue does.
Sources: 404 Media, Cybernews, Starter Story, Startup Spells
