Tea, a ladies’s security relationship app that surged to the highest of the free iOS App Retailer listings, suffered a significant safety breach final week. The corporate confirmed Friday that it “recognized licensed entry to considered one of our methods” that uncovered 1000’s of consumer pictures. And now we all know that DMs have been accessed in the course of the breach, too.
Tea’s preliminary findings from the top of final week confirmed the info breach uncovered roughly 72,000 pictures: 13,000 pictures of selfies and picture identification that folks had submitted throughout account verification, and 59,000 pictures that have been publicly viewable within the app from posts, feedback and direct messages.
These pictures had been saved in a “legacy information system” that contained data from greater than two years in the past, the corporate mentioned in assertion. “Right now, there isn’t a proof to counsel that present or further consumer information was affected.”
Earlier Friday, posts on Reddit and 404 Media reported that Tea app customers’ faces and IDs had been posted on nameless on-line message board 4chan. Tea requires customers to confirm their identities with selfies or IDs, which is why driver’s licenses and photos of individuals’s faces are within the leaked information.
And on Monday, a Tea spokesperson confirmed to CNET that it moreover “just lately discovered that some direct messages (DMs) have been accessed as a part of the preliminary incident.” Tea has additionally taken that affected system offline. That affirmation adopted a report by 404 Media on Monday that an unbiased safety researcher found it could have been potential for hackers to achieve entry to DMs between Tea customers, affecting messages despatched as much as final week on the Tea app.
Tea mentioned it has launched a full investigation to evaluate the scope and impression of the breach.
What’s Tea?
The premise of Tea is to offer ladies with an area to report adverse interactions they’ve had whereas encountering males within the relationship pool, with the intention of maintaining different ladies protected.
The app is at the moment sitting on the No. 2 spot free of charge apps on Apple’s US App Retailer, proper after ChatGPT, drawing worldwide consideration and sparking a debate about whether or not the app violates males’s privateness. Following the information of the info breach, it additionally performs into the broader ongoing debate round whether or not on-line id and age verification pose an inherent safety threat to web customers.
Within the privateness part on its web site, Tea says: “Tea Courting Recommendation takes cheap safety measures to guard your Private Data to stop loss, misuse, unauthorized entry, disclosure, alteration and destruction. Please bear in mind, nonetheless, that regardless of our efforts, no safety measures are impenetrable.”