Tea, a ladies’s security relationship app that surged to the highest of the free iOS App Retailer listings, suffered a serious safety breach final week. The corporate confirmed Friday that it “recognized licensed entry to considered one of our methods” that uncovered hundreds of person photos. And now we all know that DMs had been accessed in the course of the breach, too.
Tea’s preliminary findings from the tip of final week confirmed the information breach uncovered roughly 72,000 photos: 13,000 photos of selfies and photograph identification that folks had submitted throughout account verification, and 59,000 photos that had been publicly viewable within the app from posts, feedback and direct messages.
These photos had been saved in a “legacy knowledge system” that contained info from greater than two years in the past, the corporate mentioned in assertion. “Presently, there is no such thing as a proof to counsel that present or extra person knowledge was affected.”Â
Earlier Friday, posts on Reddit and 404 Media reported that Tea app customers’ faces and IDs had been posted on nameless on-line message board 4chan. Tea requires customers to confirm their identities with selfies or IDs, which is why driver’s licenses and footage of individuals’s faces are within the leaked knowledge.
And on Monday, a Tea spokesperson confirmed to CNET that it moreover “not too long ago realized that some direct messages (DMs) had been accessed as a part of the preliminary incident.” Tea has additionally taken that affected system offline. That affirmation adopted a report by 404 Media on Monday that an unbiased safety researcher found it could have been attainable for hackers to achieve entry to DMs between Tea customers, affecting messages despatched as much as final week on the Tea app.
Tea mentioned it has launched a full investigation to evaluate the scope and affect of the breach.
What’s Tea?
The premise of Tea is to supply ladies with an area to report unfavourable interactions they’ve had whereas encountering males within the relationship pool, with the intention of retaining different ladies protected.Â
The app is at present sitting on the No. 2 spot without spending a dime apps on Apple’s US App Retailer, proper after ChatGPT, drawing worldwide consideration and sparking a debate about whether or not the app violates males’s privateness. Following the information of the information breach, it additionally performs into the broader ongoing debate round whether or not on-line identification and age verification pose an inherent safety danger to web customers.
Within the privateness part on its web site, Tea says: “Tea Relationship Recommendation takes cheap safety measures to guard your Private Info to stop loss, misuse, unauthorized entry, disclosure, alteration and destruction. Please bear in mind, nonetheless, that regardless of our efforts, no safety measures are impenetrable.”
