Tom’s Guide
Amber Bouman

Tea app shuts down messaging following second data breach after government IDs and user selfies exposed online


The problems with the data leak at the Tea app have grown since the initial news broke last week and now include two data exposure incidents that put the personal info of thousands of users at risk online.

So what happened with the app that suddenly sprang into the number one position on the App Store and then suddenly into the spotlight for problems and user issues?

We break down everything you need to know about the infamous Tea app below.

What is the Tea app?


The Tea app is a women-only dating app that acts as a safety platform. Its users share anonymous reviews about men they've dated or are dating and have conversations about them. In order to start a membership, users must submit a selfie and a government-issued ID for verification.

The Tea app recently became the top free app in the App Store for iOS users and has 2 million downloads; it also has top Google Play Store rankings. It has gotten enough notoriety that people on 4chan were calling for it to be hacked, according to reporting from The New York Times.

What happened with the initial breach?


Although the event is not technically a 'breach' per se, according to various reports including one from BGR, a leak occurred on Friday, July 25.

The Tea app and website were untouched, but an unsecured database of thousands of online records was leaked across various websites after an anonymous 4chan user pointed out that the app uses an unsecured Firebase storage bucket to house the IDs, selfies, photos and images uploaded by users.

That user additionally shared a Python script that could be used to download the data from the storage bucket, which has since been secured. Altogether, over 59GB of data was exposed: 72,000 images, including 13,000 selfies and identification images submitted by users, as well as 59,000 images from posts, comments and direct messages. Location data could be obtained from some of these images too.

Tea confirmed in a public statement that this initial leak affected users who had signed up before February 2024, calling it a “legacy storage system,” and confirming that no email addresses or phone numbers were exposed.

The company behind the app then went on to explain that the selfies could not be deleted as they were stored in order to comply with law enforcement requirements related to cyber-bullying prevention. However, this leaked data – which has now been shared across various hacking forums – not only exposes the app's members to a variety of phishing and social engineering attacks but also to stalking and humiliation.

What happened in this latest breach?


This secondary breach contains an additional database of 1.1 million private messages sent between users on the platform and includes more recent data – from 2023 to just last week – as well as messages on sensitive topics.

According to the reporting from 404 Media, it would be possible to identify users based on their social media profiles, phone numbers or other personal information that was revealed in these messages.

What is happening now?


Tea says it is continuing to work with law enforcement in order to assist with the investigation, and in a statement to Bleeping Computer, the company stated that some direct messages (DMs) were also accessed as part of the first incident. Likewise, Tea confirmed that it has now taken the affected messaging systems offline, though it has found no additional evidence of access to any other parts of its systems.

Tea added that it was working to identify users whose personal information was involved and that it would be offering free access to the best identity theft protection services to affected individuals. Tea has also encouraged users who have questions to reach out via support@teaforwomen.com for more information. Tea users should also consider replacing their IDs, freezing their credit, and carefully monitoring all of their online accounts.

Additionally, users should be aware of the signs of a phishing or social engineering attack and be wary of any unexpected links or attachments in emails or texts, especially those from unknown senders. Be wary of anyone who attempts to contact you through social media, and anyone who asks for personal information.
