In a troubling development, over 1.1 million private messages exchanged among users of the mobile application “Tea” have been compromised, marking the app’s second major data breach within a brief timeframe. This US-based platform, initially launched in 2023, aims to provide safety tools for women engaging in online dating.
The latest breach, reported on July 28, 2023, involved highly sensitive communications, including discussions surrounding topics such as abortions and allegations of infidelity. Notably, the app has gained traction in the media recently, particularly due to its security vulnerabilities, as highlighted by 404 Media.
Available exclusively to women in the United States, Tea promotes itself as a resource for identifying trustworthy partners, including features to flag “green flag” men, detect potential catfish profiles, and check users’ criminal histories. To enhance user security, the app requires participants to submit personal information for identity verification.
Since its surge in popularity, Tea reports an impressive user base exceeding 4.6 million, reflecting its recent top rankings on app store charts. However, this escalation in user engagement has raised concerns over potential misuse of the platform, including slander, doxxing, and the sharing of personal details without consent.
Following an earlier incident on July 25, where users on the 4Chan forum uncovered an exposed database containing 72,000 images, including selfies and identification used for registration, the app faced intense scrutiny. The breach also revealed 59,000 publicly available images related to posts and direct messages within the platform.
Tea’s protocol necessitates users to submit a selfie and personal data for verification to ensure gender authenticity. However, according to the app’s privacy page, these images are intended for temporary storage, deleted after the verification process.
In its defense regarding the data exposure, Tea stated that only those who registered before February 2024 were affected and that data storage complied with law enforcement requirements for cyberbullying investigations. However, the scope of the breach extends back to early 2023.
“We are continuing to work expeditiously to contain the incident and have launched a full investigation with assistance from external cybersecurity firms. We have also reached out to law enforcement and are assisting in their investigation,” a Tea spokesperson stated in response to the recent breach.
The fallout from these breaches poses significant risks not just to the app’s users but also to the individuals discussed within these sensitive communications. Although user identities remain anonymous, the compromised data can potentially empower malicious actors to exploit disclosed information, leading to targeted harassment or identity theft.
Reports have emerged indicating that stolen identification photos are being misused on various platforms that allow users to rate individuals from Tea based on their attractiveness, with some sites amassing considerable traffic. Additionally, male-only apps have surfaced as counterresponses to Tea, though some of these new platforms have been swiftly taken down for sharing explicit materials.
