Tea Dating Advice App Faces Major Privacy Breach: User Messages Exposed
Discover how the popular Tea Dating Advice app experienced a significant data breach, exposing sensitive user messages and images. Learn about the implications and how to protect yourself.
TL;DR
The Tea Dating Advice app suffered a data breach that exposed 72,000 user images and over a million private messages. Sensitive information, including discussions about abortions and cheating partners, was compromised. Users are advised to take precautions to protect their personal information.
Major Privacy Breach at Tea Dating Advice App
The popular mobile app Tea Dating Advice has faced a significant data breach, exposing sensitive user information. Just days after discovering unauthorized access to its systems, which leaked 72,000 user images, the app encountered a second issue involving a separate database. A researcher reported to 404Media that they could access private conversations, raising serious privacy concerns.
About Tea Dating Advice
Tea Dating Advice, often referred to as Tea, aims to provide a platform for women to share information about men they have encountered. The app, which boasts over 1.6 million users, allows women to search for men by name, find people they know, and leave comments about them. Theoretically, men cannot access the app, ensuring a safe space for women to share experiences, including warnings about potentially abusive partners.
Details of the Data Breach
The initial breach involved the leak of 72,000 images, including 13,000 selfies and photo IDs used for account verification, such as driver’s licenses. Additionally, 59,000 images from posts, comments, and direct messages were exposed. Tea acknowledged the breach, attributing it to unauthorized access to a legacy data storage system containing data from before February 2024. However, the second breach is even more concerning, as it exposed over a million private messages dating from early 2023 to the present.
Researcher’s Findings
Kasra Rahjerdi, the researcher who discovered the issue, provided a database of more than 1.1 million messages to verify his findings. The content of these messages included sensitive information such as discussions about abortions and cheating partners. With this data, it was possible to identify most users’ real-world identities, social media profiles, and telephone numbers.
Public Exposure and Risks
While the images from the first breach were shared openly on forums like 4chan, Rahjerdi only informed Tea and 404Media about the second breach. However, there is no guarantee that others have not accessed the private messages using the same method. This raises concerns about the potential misuse of this sensitive information.
Cybersecurity Concerns
The breach highlights the importance of robust cybersecurity measures. Although Tea claims to donate 10% of its profits to the National Domestic Violence Hotline, the company must prioritize the cybersecurity of its users. Sensitive data should be encrypted, and the infrastructure should be prepared for potential attacks.
Tea’s Response
A spokesperson for Tea stated:
“We have engaged third-party cybersecurity experts and are working around the clock to secure our systems. At this time, we have implemented additional security measures and have fixed the data issue.”
Protecting Yourself After a Data Breach
While there is no confirmed evidence that cybercriminals accessed the database before it was secured, users should take precautions:
- Check the vendor’s advice: Follow any specific instructions provided by the vendor regarding the breach.
- Change your password: Create a strong, unique password using a password manager.
- Enable two-factor authentication (2FA): Use a FIDO2-compliant hardware key for enhanced security.
- Watch out for fake vendors: Verify the identity of anyone contacting you about the breach.
- Take your time: Be cautious of phishing attempts that create a sense of urgency.
- Consider not storing your card details: Avoid storing card information on websites.
- Set up identity monitoring: Use identity monitoring services to detect and recover from identity theft.
Additional Resources
For further insights, check: