Tea app experiences significant backlash as private messages of over 1.1 million users are leaked online
The Tea dating app, which positions itself as a secure environment for women to share insights about potential partners, has experienced a severe security incident involving the compromise of over 1.1 million users’ private messages. This breach highlights an alarming lack of data protection and cybersecurity measures within the application, raising serious questions regarding its operational integrity.
This incident follows another breach reported just days prior, which involved the exposure of users’ selfies and government-issued identification documents. The recent leak reveals a far larger dataset, potentially amplifying the implications for user security and privacy, especially given the sensitive nature of the leaked content, which includes discussions on personal matters such as infidelity and relationship issues.
The vulnerability was discovered by cybersecurity researcher Kasra Rahjerdi, who collaborated with 404 Media to confirm the authenticity of the leaked data. The reported flaw stemmed from an unsecured internal API, enabling unauthorized access to user messages dating from early 2023 until recently. Unlike the previous incident, which Tea claimed was connected to outdated storage systems, this breach impacts operational systems, heightening its severity.
The leaked messages feature revealing interactions, with many users publicly disclosing they were in relationships with the same individual, alongside personal identifiers such as vehicle information. The discussions encompass significantly private experiences, with some women sharing information about sensitive issues like abortions and marital challenges, deepening concerns about user confidentiality.
Despite the platform’s advisement for users to select anonymous usernames, numerous individuals inadvertently shared personal information, including their real names and contact details. This oversight has compounded worries regarding the safety of users interacting through the app.
The earlier breach already ignited public outrage, especially following the circulation of images on platforms like 4chan. The situation took a concerning turn when these images were used in a “Facemash”-style voting site, urging viewers to compare users’ attractiveness, further exacerbating the privacy violation narrative.
Tea, which has garnered over 1.6 million users and gained traction due to its rigorous verification process involving user-uploaded selfies, is now facing scrutiny regarding its data security provisions following these incidents.
In response to the latest breach, a representative from Tea communicated with 404 Media, stating that the company is diligently working to mitigate the incident and has initiated a comprehensive investigation with the assistance of external cybersecurity firms and law enforcement. However, with the investigation still in its incipient stages, further details remain scant.
As apprehensions mount regarding user safety, the potential for exposed data to have been accessed by unauthorized parties raises critical questions. With the overlap of sensitive documentation and private messages now possibly in jeopardy, the urgency for heightened protective measures within the application is undeniable.
Subscribe to our Newsletter
Disclaimer: Kindly avoid objectionable, derogatory, unlawful and lewd comments, while responding to reports. Such comments are punishable under cyber laws. Please keep away from personal attacks. The opinions expressed here are the personal opinions of readers and not that of Mathrubhumi.
