Recently, the social media platform Tea, designed for women to anonymously evaluate and review men, shot to prominence on the Apple App Store as one of the most downloaded apps. However, this surge in popularity was marred by serious privacy issues, as a major data breach soon surfaced, exposing user information accumulated over the years. Reports indicate that a second, even more catastrophic breach occurred shortly thereafter.

According to representatives from the platform, the initial leak involved data that was about two years old, with no indication that newer users were affected. Yet, new findings reported by 404 Media revealed that recent direct messages and more current information were compromised. Consequently, the DM feature has been disabled while the team works to inform those impacted and provide them with “free identity protection services.” Here’s a summary of the unfolding situation.

Second Data Breach Unveils More Recent Data

In a report by 404 Media, independent security researcher Kasra Rahjerdi explained that hackers had the ability to access private messages exchanged between users discussing sensitive topics such as abortions and infidelity. This breach seems to involve a different database than the one affected previously and contains significantly more recent user data.

In the earlier data breach, hackers managed to access and distribute verification images submitted by users, including driver’s license photos. A spokesperson for Tea Dating Advice, Inc. confirmed that they were aware of unauthorized access and promptly initiated an investigation to comprehend the depth and implications of the incident. Initial findings indicated that the breach stemmed from an outdated data storage system containing information older than two years. Approximately 72,000 images—including around 13,000 verification photos and 59,000 images visible within the app—were compromised.

The spokesperson mentioned, “Currently, there is no evidence suggesting that currently active user data was compromised.”

Implications of the Data Breach

The 404 Media report highlighted that the breach was detected by an independent researcher; however, it’s uncertain whether others may have encountered the same exposure without reporting it. The compromised database contained private and potentially sensitive information regarding not just the women communicating on the platform, but also the men discussed within those conversations. Many users revealed personal phone numbers and detailed their interactions with men, making accusations about their behaviors. Although Tea encourages the use of anonymous usernames, at least some of these messages could be traced back to real individuals.

For users of Tea, the implications are significant. It remains unanswered whether this data has been accessed by others or shared online. Exposure of such private conversations is troubling, especially for users who were led to believe the app assured their anonymity.

Additionally, the DM function has been temporarily disabled as a precaution. A representative communicated, “In our ongoing inquiry into the cybersecurity incident affecting the Tea App, we have determined that certain direct messages (DMs) were accessed during the initial incident. To mitigate risks, we have taken the affected system offline. So far, we’ve discovered no access to other elements of our infrastructure.”

“Our team is actively working to bolster the Tea App’s security and aims to identify users whose personal information may have been involved, offering free identity protection services to those affected,” they added.

Key Information About Tea

If this is the first time encountering Tea, congratulations on your limited online activity. The app, primarily designed for women, operates similarly to Yelp, allowing users to share reviews about men. Upon joining, users must submit a verification photo to confirm female identity, though the criteria for acceptance concerning LGBTQ+ or gender non-conforming individuals remain ambiguous. Once admitted, users can search for men by name, share comments, or leave red or green flag reactions to assess whether a man is viewed negatively or positively.

Interestingly, men do not have access to the app, leaving them unaware of any reviews or comments directed at them. This is significant, considering that Tea recently announced a surge of over 2.5 million new requests for membership, potentially exposing many men to reviews they may never see.

While some might argue that refraining from negative behavior would prevent men from being tagged with a “red flag,” the absence of due process could lead to irreparable reputational harm for those who might not deserve such scrutiny. Tea’s mission statement promotes “Dating safely for women,” advocating tools to “run background checks,” “identify potential catfish,” and “verify he’s not a sex offender,” but the anonymity afforded in leaving remarks could also facilitate defamation.

It’s essential to recognize that warning women of harmful individuals is undoubtedly important; however, the ability to rate individuals anonymously without necessary corroboration poses inherent risks. Furthermore, the exposure of thousands of women’s images and private discussions through multiple data breaches is an unequivocal failure of security practices. The scenario reflects a significant loss for all parties involved.