Major Data Breach Affects Tea App Users: 72,000 Photos Exposed
In a troubling incident, hackers have compromised the Tea app, leading to the exposure of thousands of user selfies and government ID images. This platform, aimed specifically at women, facilitates the sharing of personal information regarding men they are dating or interested in dating. A spokesperson from Tea confirmed the breach and its serious implications.
Details of the Data Breach
The attack has revealed data from around 72,000 images, which breaks down into approximately 13,000 verification selfies and various government-issued ID photographs. This information was provided by users to verify their identities during the onboarding process. The extent of this breach raises significant concerns about user privacy and data security.
Understanding the Functionality of Tea App
Tea has rapidly gained popularity, recently topping the charts as the most downloaded free app on the Apple App Store. Operating like a virtual whisper network, it allows users to anonymously share opinions about men, categorizing them as “red flags” or “green flags.” The app promotes user anonymity and has features that prohibit screenshots, enhancing privacy.
To register, Tea requires users to submit a selfie to verify their gender. The company claims these images are deleted after a brief review, but the breach raises doubts about the reliability of this assurance.
Investigation into the Data Breach
A spokesperson for Tea stated that the breached data was stored in an archived database dating back over two years. This data was previously maintained to comply with legal requirements aimed at preventing cyberbullying. Since the breach has come to light, the company has contracted third-party cybersecurity experts, emphasizing their commitment to user privacy and data protection.
Further complicating the situation, cybersecurity researcher Kasra Rahjerdi discovered a second vulnerability that enabled unauthorized access to over 1.1 million direct messages exchanged between users. Some of these messages contained sensitive personal information that could potentially identify users.
Responses to the Breach
In an effort to mitigate the damage, Tea has taken affected systems offline and is offering free identity protection services to those whose data may have been compromised. The company is actively working to identify impacted individuals to provide them with assistance.
Online Communities and Potential Misuse
The breach has triggered discussions on certain online forums, particularly 4Chan, where users have called for “hack and leak” activities targeting the Tea app. Reports surfaced that unauthorized links to download the stolen images were shared, with various photos circulating across platforms like 4Chan and X (formerly Twitter).
Additionally, someone reportedly created a Google Map that shows the coordinates of affected Tea users, raising further questions about their safety and privacy. Disturbingly, some leaked data appears to have been used to track individuals to U.S. Army bases. Claims have surfaced on cybercriminal forums offering a massive 55 GB data dump of selfies and IDs from the app.
It seems that a misconfigured Firebase storage bucket—a cloud-based platform by Google—was a significant vulnerability in this breach, as multiple cybersecurity experts verified that it was publicly accessible prior to the incident being revealed.
User Reactions and Concerns
The Tea app data breach has sparked outrage among its user base, many of whom trusted the platform’s privacy assurances. Users have taken to the app’s social media channels to express their dissatisfaction, particularly as some find themselves still on waitlists despite increasing claims of new signups.
This controversy ties back to larger concerns regarding the app’s functionality. Although designed to empower women by providing a platform for sharing experiences and ensuring safety, critics have voiced apprehensions about the potential for misrepresentation and cyberbullying.
Background on the App and Its Founder
The app was conceived by Sean Cook, motivated by his mother’s negative encounters in online dating, which included instances of being catfished. Alongside its function as a review network, Tea offers features for conducting background checks and reverse image searches to thwart catfishing attempts.
With a robust digital footprint that boasts over 240,000 Instagram followers and 190,000 on TikTok, Tea claims to engage millions monthly. Notably, it donates a portion of its profits to the National Domestic Violence Hotline, which has acknowledged this partnership.
Despite ongoing investigations into the breach, the incident starkly underscores the risks associated with platforms reliant on sensitive personal data. The revelation of compromised identity documents and private messages leaves many users feeling vulnerable and deceived.
