Past users of viral women’s dating safety app Tea are the latest victims of a massive cyberattack, which has rendered thousands of user images held in a legacy database vulnerable.
First reported by Reddit users, the hack was verified by 404Media and later confirmed by Tea itself, and affects 72,000 images posted to the app over the last two years. Of the hacked data, 13,000 images were selfies or photo identification cards like drivers licenses submitted by users to verify their accounts. Another 59,000 images stored in the database were of individuals posted to the app.
Tea, founded by Sean Cook, was designed as a women-only app for users to document their negative experiences with men and warn other women of potential danger. According to Tea’s website, 10 percent of its profits are donated the National Domestic Violence Hotline.
Mashable Light Speed
The vulnerability was discovered by users on 4Chan, who began sharing photo IDs of women on the platform. In a thread detailing the hack, one user wrote: “Yes, if you sent Tea App your face and drivers license, they doxxed you publicly! No authentication, no nothing. It’s a public bucket. DRIVERS LICENSES AND FACE PICS! GET THE FUCK IN HERE BEFORE THEY SHUT IT DOWN!” Other users stated they were collecting personal information from the images, 404Media reported. In a statement to the publication, Tea said the data was stored to comply with cyber-bullying prevention requirements and that no current user information had been breached.
Earlier this week and due to several viral tweets from its users, Tea became the number one app on the Apple App Store. The trending app has since become the subject of online controversy, particularly from individuals who disagree with the app’s focus on documenting unwanted and inappropriate behavior of men in a public forum, without verification. Many critics (including men who have been implicated on the app) see the app’s reporting mechanisms, such as users posting images of “red flag” men, and its user verification system, which uses photos to “confirm” a user’s gender, as violations of privacy.
Culturally, others worry it’s forum-like nature is too similar to online snark pages, which often incentive users to engage in obsessive cycles of gossip and online harassment, and could potentially lead to doxxing. It has been compared to the popular “Are we dating the same guy?” Facebook page.
This Tweet is currently unavailable. It might be loading or has been removed.
This Tweet is currently unavailable. It might be loading or has been removed.
This Tweet is currently unavailable. It might be loading or has been removed.
This Tweet is currently unavailable. It might be loading or has been removed.
In an X post from July 22, one user wrote, “How long til there is a data leak? I’m giving it 1 month.” Other emboldened online users responded to the popularity of the women-only app with overtly misogynistic “copycat” apps, including ones intended to track women’s “body counts.” “Introducing BoxScore, a man-only app where users anonymously share info and warnings about women to spot red flags and get feedback,” wrote user @tolly_xyz in a post on X.
