The Tea dating app revealed 1.1 million women’s private conversations in addition to their pictures and photo IDs: Report

Another significant data breach has occurred at the Tea dating app, which is supposed to provide a secure environment for women to exchange details about men. A recent revelation claims that over 1.1 million user-to-user private messages have been made public online. According to reports, these messages contain extremely private exchanges in which women talk about topics such as abortions, cheating spouses, and even exchanging phone numbers in order to remove the conversation from the platform.

This is the app’s second significant security breach in less than a week. The most recent breach involves a significantly wider amount of sensitive data than the first, which exposed thousands of individuals’ official ID photographs and selfies. This problem was found by cybersecurity researcher Kasra Rahjerdi, who told 404 Media about his findings. The magazine was able to confirm that the usernames are still active on the app and validate the validity of the communications that were leaked.

The messages database was discovered as a result of the most recent vulnerability, which allegedly gave any Tea user access to the app’s core API. The conversations that were made public began in early 2023 and continued until last week. Unlike the previous incident, which Tea claimed was related to an old storage system — this breach affected a current system, making it far more serious.

Conversations in which women realized they were seeing the same man and disclosed information to verify it, including the vehicle he drove, are among the texts the publication has seen. Women discussed extremely intimate topics in other talks, such as relationship issues and abortions. Additionally, there were messages from wives who contacted other app users after finding their husbands on the app.

Many people gave their real names, phone numbers, or social media handles in these discussions, which made it simpler to identify them even though Tea encourages users to choose anonymous screen names. Given that these private talks were supposed to be safeguarded, this has sparked worries about user safety.

Online users have harshly criticized the app, particularly in the wake of the initial data breach. Some users used the exposed selfies and ID photos as part of a cruel ranking game after the earlier leak was shared on sites like 4chan. The photos were used to create a “Facemash”-style website where people were asked to choose who looked more attractive. Thousands of images have reportedly been viewed and ranked on that site.

Tea was recently one of the most downloaded apps on the App Store and now claims to have over 1.6 million users. It became well-known for using selfies to authenticate users and guarantee that only women could sign up. But the consecutive hacks have cast major doubt on the platform’s user protection capabilities.

“We are continuing to work expeditiously to contain the incident and have launched a full investigation with assistance from external cybersecurity firms,” a Tea spokesman told 404 Media in response to the most recent incident. Additionally, we have contacted law police and are supporting their investigation. We don’t currently have any additional information to give because our inquiry is still in its early phases.

The fact that it is yet unknown whether anyone other than the researcher gained access to the leaked data exacerbates the matter. Numerous users’ safety and privacy are now at stake since both identity documents and private communications could end up in the wrong hands.