Leaked Images of 13,000 Users on 4Chan Due to Security Breach in Popular Tea App
In a concerning turn of events, the popular dating app Tea has suffered a significant data breach. The vulnerability stemmed from poorly secured data storage, enabling attackers and others to access and disseminate highly sensitive user data.
The breach exposed a vast amount of personal information, including government-issued IDs, selfies, user-uploaded images, and other verification documents. This sensitive data was accessible until it was discovered and shared on forums like 4chan. To make matters worse, a second leaked database surfaced, revealing over 1.1 million private messages between users, some of which discussed intimate relationship issues and sensitive topics such as abortions.
The implications of this breach are severe. Over 59 GB of data was leaked, involving about 72,000 sensitive images and 13,000 verification selfies. Private message content, including personal conversations with phone numbers and sensitive disclosures, was exposed. The leaked data was widely distributed via torrents and forums, increasing risks of harassment, social engineering, and privacy violations.
The fallout from the breach has been substantial. Two class-action lawsuits have been filed against Tea for negligence and breach of implied contract. Tea app users face risks of identity theft and reputational damage due to exposed verification documents and intimate communications.
Tea has acknowledged the breach occurred in legacy systems and has offered identity protection services for affected users. However, the breach has undermined the app’s original promise of a safe platform for women to share dating experiences freely. The viral app Tea, used for anonymously posting images and exposing details about dates, has been breached, leaving many users feeling betrayed and vulnerable.
Cybersecurity experts have criticised Tea for misinterpreting how to record private information and making it accessible. Jake Moore, global cybersecurity advisor at ESET, and Kevin Marriott, senior manager of cyber and head of SecOps at cybersecurity outfit Immersive, have expressed concern about the breach damaging trust between Tea users and the company.
A full investigation into the Tea incident has been launched with assistance from external cybersecurity firms. Tea claims to delete user images after review following the sign-up process. However, a map on Google Maps claiming to show Tea users' locations has been created, although it does not include names.
The Tea spokesperson stated that the data was stored in compliance with law enforcement requirements related to cyberbullying prevention. However, a post on 4Chan claims that Tea did not authenticate user data and publicly doxxed users who sent their face and drivers license.
The breach took place on the same weekend as the implementation of the Online Safety Act in the U.K., which requires U.K. users to upload their IDs to view certain over-18s websites or content. Tea has reached out to law enforcement and is assisting in their investigation.
This article is not related to Forbes' article titled "What Is WhatsApp Advanced Chat Privacy? Here's How To Turn It On." The Tea app's noble idea of providing dating safety for women is illustrated as problematic due to the data leak and lack of sufficient guardrails to protect users.
[1] [Source 1] [2] [Source 2] [3] [Source 3] [4] [Source 4]
- The breach of the Tea app, a viral app used for anonymously posting dating experiences, has raised significant concerns about its cybersecurity measures, as personal and sensitive data were hacked, including government-issued IDs, selfies, user-uploaded images, and private messages.
- Amidst the fallout from the breach, experts in the field of data-and-cloud-computing and technology have criticized Tea for its poor handling of private information, expressing concern that the breach has eroded trust between the Tea app and its users.
- As a result of the data breach, questions regarding the safety of the Tea app have arisen, particularly in regards to its ability to protect user data and maintain privacy within the general-news and crime-and-justice contexts.
