Last week, the two-year-old social media app Tea, which functions as a Yelp-style platform where women can anonymously rate and review real men who can neither access the app nor respond, experienced an intense moment of virality that rocketed it to the top of the most-downloaded list on Apple’s App Store. But within days, it faced a major data breach that leaked years-old user data. And now there are reports of a second breach, and it’s even worse.
Reps for the app said last week that the data that leaked was about two years old, and that no information related to users who joined more recently appeared to be included. But according to a new report from 404 Media, the second incursion leaked direct messages and other data from as recently as last week.
The second data breach included more recent information
According to 404 Media’s report, an independent security researcher named Kasra Rahjerdi reported the second breach, noting “it was possible for hackers to access messages between [Tea] users discussing abortions, cheating partners, and phone numbers they sent to one another.” This breach appears to be of a separate database, not the same one that was at issue last week, and this database stored much more recent information.
In last week’s breach, hackers were able to view and disseminate user verification images—including photos of driver’s licenses—that were submitted when women signed up for the service.
[…]
In its report, 404 Media makes clear that this security issue was noticed and flagged by an independent researcher—but there’s no way of knowing who else may have discovered it and not taken the info to the media. The outlet was able to confirm that the database included private, potentially sensitive information about not only the women who were chatting within the app, but the men they were discussing. Some women shared phone numbers and private details of their interactions with men and made accusations about the men’s conduct. While Tea encourages users to create anonymous usernames, 404 Media reported it wasn’t hard to tie at least a few of the messages back to real-life people.
[…]
I certainly acknowledge that warning women of abusers, violent men, and cheaters is a good, safe thing to do and that anonymously rating people and not having to provide any proof of the accusations you’re publicly making against them is potentially a very bad thing.
And inarguably, the fact that thousands of women’s photos and private messages were stored in such an insecure way by Tea that they have been exposed in multiple data breaches is definitely a very bad thing. No one is winning here.
Source: The Viral ‘Tea’ App Just Had a Second Data Breach, and It’s Even Worse

Robin Edgar