The Tea app, a women-only dating safety platform, is grappling with a massive data breach that has expanded significantly, revealing sensitive personal information of its users. The breach involves the exposure of a staggering 59 GB of data, which includes private messages, selfies, and government identification uploaded for verification purposes. This alarming situation has escalated following the discovery of a second database that allegedly contains 1.1 million private messages shared among users, heightening concerns over the safety and privacy of the platform’s members.
Initial reports surfaced when an anonymous individual disclosed on 4chan that Tea had failed to secure a Firebase storage bucket, leading to unauthorized access to sensitive data. A Python script was also shared that allowed others to download the compromised information. The company confirmed that the breach affects all users who signed up before February 2024 and, in its official statement, emphasized the seriousness of the situation, characterizing it as the compromise of a legacy data storage system.
Tea app representatives have stated that approximately 72,000 images were exposed, including around 13,000 selfies and identification photos. Despite efforts to delete these images, the company said it had maintained certain data because of compliance obligations with law enforcement related to cyber-bullying prevention. This decision has come under scrutiny, as the leaked information now poses risks for the app’s users, who may be subjected to social engineering attacks.
According to a subsequent report by 404 Media, the newly discovered second dataset comprises messages that cover sensitive subjects such as abortions and infidelity. Kasra Rahjerdi, the researcher who made the discovery, claimed that the messages could potentially lead to the identification of users through personal details revealed within the conversations. What was intended as a safe space has tragically turned into a mechanism for exposing and humiliating individuals, with reports of exploitative websites emerging as a result.
In light of the breach, Tea continues to collaborate with third-party cybersecurity experts to manage the fallout and investigate the incident. The company has also alerted law enforcement and is determined to enhance its security protocols moving forward.