Tea, an app where women gossip about the men they are dating, suffered a major security breach on Friday resulting in 72,000 selfies, ID photos, and other user images being exposed. Now, the app is facing additional leaks after a second database containing user chats has been revealed to the public.
The slew of data left unprotected by Tea now allegedly includes 1.1 million private messages sent between users on the app, according to a report by 404 Media.
The leaked database reportedly contains conversations users had with one another from 2023 up until last week, and include multiple messages in which women appear to be discussing their abortions.
Other exchanges show app members contacting other women about the men they are either dating, engaged to, or have married, with some sharing information about their significant others, such as what car he drives, to verify other users are seeing the same man.
Many of the messages reportedly show Tea Dating Advice users telling other women “I am his wife” with regards to the men who have been posted on the app.
Moreover, Tea users can be “easily” identified via their social media profiles, phone numbers, or real names, all of which have apparently been shared on the app and in the chats, 404 Media reported.
In addition to accusing men of nefarious behavior, Tea conversations also include users oftentimes making “damning accusations” against other women on the app, the outlet added.
Any Tea user is able to access the stored user data with their own API key, according to Kasra Rahjerdi, the researcher who discovered the second database.
“As part of our ongoing investigation into the cybersecurity incident involving the Tea App, we have recently learned that some direct messages (DMs) were accessed as part of the initial incident,” a Tea Dating Advice spokesperson told BleepingComputer.
Therefore, the company has “taken the affected system offline” as it conducts an investigation while “working to identify any users whose personal information was involved,” for whom the platform will be “offering free identity protection services,” the spokesperson added.
As Breitbart News reported, the first Tea database that was found to have been breached involved tens of thousands of user images — such as selfies, ID photos, and drivers licenses — being exposed, resulting in the women on the app having their photos leaked to social media, where they were mercilessly roasted.
Tea, which is meant to be a women-only app, requires users to verify they are female by uploading a selfie or photo ID before they are allowed to join the platform.
“I thought the selfies were deleted?” read one query listed in the company’s list of Frequently Asked Questions, to which the app replied by admitting the photos were actually archived due to “law enforcement requirements related to cyber-bullying prevention.”
Notably, Tea’s data breach transpired after the app reached number one in U.S. downloads on Apple’s App Store last week, which resulted in the platform receiving major attention, as well as backlash over questions about whether the company’s practices violates men’s privacy.
Alana Mastrangelo is a reporter for Breitbart News. You can follow her on Facebook and X at @ARmastrangelo, and on Instagram.
Read the full article here
