The app Tea, which focuses on discussions about the men women are dating, experienced significant security breaches on Friday. This incident saw the release of 72,000 selfies, ID photos, and other images associated with users. Now, the app is dealing with further leaks after another database, this one containing user chats, has come to light.
Reports indicate that the unsecured data in Tea may contain around 1.1 million private messages exchanged between users of the app.
The leaked database holds conversations between users from early 2023 until just last week. Many of these messages appear to address sensitive topics, such as abortions.
Other discussions involve users sharing details about men they are involved with—whether they’re dating, engaged, or married. This includes sharing information like car models to confirm they’re talking about the same person.
Some messages reportedly feature dating advice from users, with statements such as “I’m his wife.”
Furthermore, it seems that Tea users can easily identify one another using social media profiles, phone numbers, or real names, all of which are shared across different chats and apps.
In the conversations, users not only criticize men but also express grievances against other women on the platform, as highlighted by various reports.
Kasra Rahjerdi, a researcher who uncovered the second database, mentioned that Tea users can access data using their own API keys.
“During our investigation into cybersecurity incidents involving Tea apps, we learned that direct messages (DMs) can be accessed as part of the initial breach,” said BleepingComputer.
The company stated it is “working to identify users affected by the personal data leak,” and noted that the platform has taken the affected systems offline while the investigation unfolds.
According to Breitbart News, the first database leak exposed tens of thousands of user images, including selfies and ID photos, leaving many women on the platform vulnerable to harsh scrutiny on social media.
Being a female-only app, Tea requires users to verify their identity by uploading a selfie or photo ID before joining.
One user query in the app’s FAQ asked, “Did you think your selfies have been deleted?” The app responded by explaining that photos are archived due to “law enforcement requirements regarding cyberbullying prevention.”
Notably, this data breach coincided with a surge in downloads that made the app number one in the US on Apple’s App Store, sparking significant attention and raising concerns about potential violations of men’s privacy.
