Tea, a women’s safety dating app that recently topped the free iOS App Store charts, has experienced a significant security breach. The company disclosed that it detected unauthorized access to one of its systems, leading to the exposure of thousands of user images.
Initial investigations revealed that the breach allowed entry to around 72,000 images. These images were categorized into two sets: 13,000 comprised of selfies and photo IDs submitted for account verification, and 59,000 images publicly accessible within the app from various user interactions.
The company clarified that these images were stored in a legacy data system with information dating back over two years. As of now, there is no indication that current or additional user data has been compromised.
Earlier reports from Reddit and 404 Media on Friday highlighted the posting of Tea app users’ identities on the anonymous platform 4chan.
Tea mandates users to confirm their identities with selfies or IDs, hence explaining the presence of driver’s licenses and facial photos in the leaked data.
The primary goal of Tea is to provide women with a platform to report negative experiences with men in the dating scene, aiming to safeguard other women. Despite reaching the No. 1 position on Apple’s US App Store this week and gaining global attention, concerns have been raised about potential privacy infringements regarding men. Should the breach reports prove accurate, it will further fuel discussions on the security risks associated with online identity verification.
In the privacy segment of their website, Tea declares: “Tea Dating Advice implements comprehensive security measures to safeguard your Personal Information, aiming to prevent loss, misuse, unauthorized access, disclosure, alteration, and destruction. Please note that despite our efforts, no security measures are entirely foolproof.”
Tea confirmed the initiation of a thorough investigation to evaluate the extent and consequences of the breach.
