‘Tea’ App Spills Even More Data

Tea App Plagued by Data Breaches: What Users Need to Know

The social media app Tea, a platform designed for women to anonymously review men, has been rocked by not one, but two major data breaches in recent weeks. This comes after a surge in popularity that saw the app climb to the top of the download charts on Apple’s App Store. The breaches have exposed sensitive user data, raising serious concerns about privacy and security.

Second Breach Exposes Recent Data, Including Direct Messages

Initially, Tea representatives stated that the leaked data was approximately two years old. However, a new report indicates a second breach has compromised more recent information, including direct messages exchanged between users. These messages reportedly contained sensitive discussions about topics such as abortions, infidelity, and personally identifiable information like phone numbers.

An independent security researcher, Kasra Rahjerdi, discovered the second breach, revealing that hackers could access these private conversations. This breach appears to stem from a separate database than the one compromised in the initial incident, suggesting a systemic security vulnerability.

Initial Breach Exposed Verification Images

The first data breach involved the exposure of user verification images, including photos of driver’s licenses submitted during the signup process. The app confirmed that unauthorized access had occurred, impacting a legacy data storage system. Approximately 72,000 images were compromised, including 13,000 selfies and photo IDs used for account verification, and 59,000 publicly viewable images from posts, comments, and direct messages.

While Tea initially claimed that current user data was unaffected, the subsequent discovery of the second breach casts doubt on these assurances.

Potential Implications for Users

The implications of these breaches are significant. The compromised data includes private and potentially sensitive information about both the women using the app and the men they are discussing. Women shared personal details and accusations about men’s conduct, relying on the app’s promise of anonymity.

Although Tea encourages users to create anonymous usernames, reports indicate that it was possible to link some messages back to real-life individuals. This raises the risk of real-world repercussions for both the reviewers and the reviewed.

It remains unclear whether the compromised information has been further disseminated or uploaded online. The breaches have understandably caused distress among users who shared intimate details within the app, believing their anonymity was protected.

Response from Tea

In response to the breaches, Tea has disabled the direct messaging feature. A representative stated that the company is investigating the incident and has taken the affected system offline. They claim to have found no evidence of access to other parts of their environment.

Tea is also offering free identity protection services to users whose personal information was involved in the breaches. The company claims to be “fully engaged in strengthening the Tea App’s security.”

Understanding the Tea App

Tea is a social media app that operates as a Yelp-style platform, exclusively for women. To join, users must submit a verification photo to confirm their gender. Once approved, they can search for men by name and leave comments about them. Users can also assign “red flags” or “green flags” to men, indicating their perceived character.

Men are reportedly unable to access the app or respond to reviews. This lack of due process raises concerns about potential reputational damage for men who may be unfairly targeted.

Tea advertises itself as a tool for “dating safely for women,” offering features such as “background checks,” “catfish identification,” and “sex offender verification.” However, the anonymous commenting feature also presents the risk of defamation and misuse.

Weighing the Benefits and Risks

While the intention of warning women about potentially harmful individuals is commendable, the anonymous nature of the app and the lack of verification for accusations raise concerns about potential abuse. The recent data breaches further highlight the risks associated with entrusting sensitive information to the platform.

The fact that thousands of women’s photos and private messages were stored insecurely and exposed in multiple data breaches is a serious issue. The situation underscores the importance of data security and the potential consequences of entrusting personal information to online platforms. The future of the app remains uncertain as users grapple with the fallout from these security failures.