Dating Safety App ‘Tea’ Exposed: User IDs & Photos Leaked on 4chan

10204

A recent data breach has reportedly compromised the newly popular women’s dating safety application, Tea. Personal identifiers, including driver’s licenses and user selfies, alongside some direct messages, were allegedly accessed from an exposed database and subsequently posted on the notorious online forum, 4chan.

The incident came to light through claims made by 4chan users, who reported discovering an unprotected database hosted on Google’s Firebase, a platform commonly used for mobile app development. Screenshots, 4chan posts, and a review of code by independent media sources indicate that individuals were sifting through and publishing sensitive user information.

Tea, which has rapidly climbed to the top of App Store charts, boasts over 1.6 million users and tens of thousands of reviews. The app’s core mission is to provide a secure environment for women to share insights and information about men, aimed at enhancing safety. A key feature for new user verification involves uploading a selfie, a measure intended to confirm female identity.

Posts circulating on 4chan directly addressed the vulnerability, stating, “Yes, if you sent Tea App your face and drivers license, they doxxed you publicly! No authentication, no nothing. It’s a public bucket.” Another alarming message urged users to access the data quickly, saying, “DRIVERS LICENSES AND FACE PICS! GET THE FUCK IN HERE BEFORE THEY SHUT IT DOWN!” These threads were reportedly deleted shortly after being posted.

In response to inquiries, Tea confirmed the breach, acknowledging that some direct messages were also impacted. However, the company asserted that the compromised data is approximately two years old. This revelation raises significant privacy concerns for the app’s extensive user base, highlighting the critical importance of robust data security measures for platforms handling sensitive personal information.