Tea, an app for women to safely talk about men they date, has been breached, user IDs exposed
Tea said that about 72,000 images were leaked online, including 13,000 images of selfies or selfies featuring a photo identification that users submitted during account verification. Another 59,000 images publicly viewable in the app from posts, comments and direct messages were also accessed without authorization, according to a Tea spokesperson.
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Forbes
a few seconds ago
- Forbes
Tea App Breach Reveals Why Web2 Can't Protect Sensitive Data
Web2 failure exposes Tea App users' sensitive data. A dating app built to empower women and marginalized genders has now put them at risk. Tea, the viral safety-focused app that lets users anonymously review men they have dated, has suffered a major data breach. Sensitive user data including photos, government IDs, and chat logs was exposed and later shared on the message board 4chan. According to 404 Media, the breach was caused by a misconfigured Firebase database, a centralized backend platform maintained by Google. The leaked data included full names, selfies, driver's licenses, and sensitive messages from within the app. Many of these files were uploaded during identity verification processes and were never intended to be public. Tea confirmed the breach and said the data came from a two-year-old version of the app, though it's unclear whether users were ever notified of this risk during sign-up. For many users, however, that explanation offers little comfort. Trust was broken, and it was trust the platform had sold as its core value. What is Tea? Tea launched in 2023 and quickly gained attention for its bold concept. The app allows women, nonbinary people, and femmes to post anonymous reviews of men they have dated. These posts can include green flag or red flag labels along with identifying details like first names, age, city, and photo. It also offered tools like reverse image searches, background checks, and AI-powered features such as 'Catfish Finder.' For a monthly subscription fee, users could unlock deeper insights. The app pledged to donate a portion of profits to the National Domestic Violence Hotline, branding itself as a safer space for navigating modern dating. At one point in July 2025, Tea reached the top of the Apple App Store. But beneath the growth was a fragile architecture. A Breach That Breaks the Tea Mission The Tea breach is not just a case of leaked data; it is a collapse of purpose. A platform built for safety exposed the very identities it was meant to protect. Legal IDs. Facial recognition data. Personal messages. Tea marketed itself as a safe space where people could share vulnerable experiences without fear of retaliation. That trust was supposed to be a feature, not a liability. But in exposing the identities of people who likely signed up for the app under the promise of anonymity, the breach reversed the app's core mission. It also reignited debate around the ethics of crowdsourced review platforms. While Tea's users may have had the best intentions, the lack of formal moderation or fact-checking raises significant legal concerns. Already, reports suggest the company receives multiple legal threats each day related to defamation or misuse. Now, with the breach, the legal stakes have escalated. And they may soon extend into privacy litigation, depending on what jurisdictions impacted users reside in. Tea and Web2's Fragility At the heart of this failure is a familiar problem in consumer tech: reliance on Web2 infrastructure. Firebase, while powerful and scalable, is a centralized backend system. When a problem occurs, users have no control over what is exposed or how quickly it is contained. This was the foundation Tea chose, despite the known risks of centralized data storage. Web2 models store user data in app-controlled databases. This may work for e-commerce or gaming, but with private messages and government-issued IDs, the risks multiply. Once exposed, that kind of information is almost impossible to fully retrieve or erase: disappearing into the vastness of cyberspace. The Tea incident echoes previous Web2 failures. In 2015, the Ashley Madison breach exposed the names and email addresses of users on a platform designed for private affairs. The consequences ranged from public shaming to blackmail. While the scale was different, the pattern was the same: a platform promising discretion, but failing to secure its core value proposition. Web2 Tools of Tea & Web3 Upgrades The incident reopens a critical discussion around digital identity and decentralization. Web3 advocates have long argued that user-controlled identity systems—such as those built with zero-knowledge proofs, decentralized identifiers (DIDs), or blockchain-based attestations—can prevent precisely this kind of disaster. Had Tea used a self-sovereign identity system, users could have verified themselves without ever uploading their actual ID to a centralized database. They could have shared attestations from trusted issuers or community verification methods instead. These systems remove the need to store vulnerable personal files, drastically lowering risk in the event of a breach. Projects like BrightID and Proof of Humanity already explore these models by enabling anonymous but verifiable identities. Though still early-stage, these systems offer a glimpse of a safer future. Ultimately, this could help reduce single points of failure. Web3's architecture, where users control their credentials and data flows through distributed systems, provides a fundamentally different risk profile that may be better suited for sensitive social platforms. Web2 Failures Create Web3 Urgency The Tea breach also poses real-world risks beyond the app itself. Exposed IDs and selfies could be used to open fraudulent crypto exchange accounts, commit SIM-swap attacks, or bypass Know Your Customer (KYC) checks on blockchain platforms. As digital assets grow more accessible, the overlap between privacy, dating, and financial fraud will only increase. This could also create reputational damage for users outside of Tea. If their names or images are associated with unverifiable accusations, even falsely, those records could be copied or weaponized in future contexts. Search engines have long memories. So do blockchain crawlers. For regulators and technologists, the Tea breach offers a blueprint of what not to do. It also poses a serious question: should platforms that deal in high-sensitivity content be allowed to launch without structural privacy safeguards? More pointedly, can any platform promise safety without first rethinking the assumptions of its data model? What's Next for Tea & Other Web2 Tool Users For now, Tea says it is reviewing its security practices and rebuilding user trust. But the breach highlights a larger industry problem. Platforms that promise anonymity and empowerment must treat data protection as a structural principle: not an optional feature. This incident may become a case study in why Web2 safety tools are insufficient for modern risks. Whether for dating, reputation, or whistleblowing, the next generation of platforms may need to be decentralized from the start. Tea promised safety. What it delivered was a case study in how trust breaks down in the Web2 era.
Digital Trends
a minute ago
- Digital Trends
The GPU market is rough. Here are 4 GPUs you can buy that are actually worth it
I'm going to be honest with you here. Whether you want one of the best graphics cards or just any GPU whatsoever, it's not going to be easy. The GPU market is, frankly, a bit of a mess right now. It's not as bad as it was back in 2021, but that doesn't mean it's any good — so much so that I've spent the better part of this year trying to convince people not to buy a GPU. But, assuming you really want to buy a new GPU, the good news is that you do have a few options. Let's check them out. Intel Arc B580 This is the one GPU I keep recommending to friends and whoever else cares to listen, and shockingly, it's not from AMD or Nvidia. It's Intel's Arc B580. I dare say that this is the best GPU for most people right now, but there are a couple of caveats. Recommended Videos The best thing about the Arc B580 is, of course, its memory interface. This GPU sports 12GB of VRAM, where other Nvidia and AMD alternatives are stuck with 8GB. The Arc B580 also enjoys a wider memory bus (192-bit versus 128-bit), which helps with bandwidth. Before we go over the benchmarks, keep in mind that the Arc B580 launched last year, and is firmly a last-gen GPU. With that said, the B580 can still keep up in the performance bracket that it belongs to. In our own benchmarks of the Arc B580, the GPU outpaced the RTX 4060 and the RX 7600 XT at 1080p. It fell behind the RTX 4060 Ti, and no wonder — that's a much pricier GPU. Considering its specs, the B580 is inherently a 1080p graphics card. Remember how I said it's the best GPU for most people? Well, that's not wrong — most people still play at 1080p. However, when compared to Nvidia and AMD alternatives, the Arc B580 handles 1440p relatively well, and that's largely thanks to the more robust VRAM interface. It beats the RTX 4060 by a solid margin, and it almost keeps up with the RTX 4060 Ti. It also beats Intel's last-gen flagship card, the Arc A770. Two caveats, though. One: This isn't a GPU that'll breeze through the likes of Indiana Jones and the Great Circle at max settings without breaking a sweat. It's a budget GPU, so keep your expectations in check. Two: Much like most GPUs, it's currently overpriced, but not terribly so. If you can score it near the $249 MSRP, snap it up. The good news is that I just found one for you. Check out the ASRock Steel Legend Arc B580 for $269 at Newegg. Nvidia RTX 5060 Nvidia's part of the mainstream market is kind of all over the place right now — so much so that I often get asked which GPU to buy. There's nothing wrong — we're just spoiled for choice here, although not every GPU is equally good. The RTX 5060 and the RTX 4060 are both selling at MSRP, which is a miracle in and of itself. This means that you can pick either one when shopping, and although many people had a lot to say about the RTX 5060 not being that great, there's little reason to pick the RTX 4060 apart from wanting to make a point. What, exactly, is the problem with the RTX 5060? It all comes down to the 8GB VRAM. Modern GPUs often require more than that, which makes the RTX 5060 a poor choice if you want future-proofing. To that, I say: If you don't mind playing at lower settings, you'll get by just fine with 8GB VRAM for a while yet. Gen-on-gen improvements are solid here, with the RTX 5060 beating the RTX 4060 by anywhere between 10% and 20%. Seeing as both are priced the same, you might as well get the objectively better option — but there are a few GPUs in that similar price bracket, including the RTX 4060 Ti, RTX 5060 Ti, and AMD's RX 9060 XT, not to mention last-gen AMD options. If you want something from Nvidia and you're worried about the low VRAM, check out the RTX 5060 Ti with 16GB of memory. But if you just want a GPU that does the job, you can buy the RTX 5060 right now on Amazon. AMD RX 9060 XT AMD's Radeon RX 9060 XT repeats past mistakes, and yet, it's a solid GPU. Compared to the (brilliant, but overpriced) RX 9070 XT, this one gives you a more affordable graphics card. At the risk of sounding like a broken record, I'll tell you that the RX 9060 XT has a similar VRAM thing going on as many other GPUs in this price range. It comes with either 8GB or 16GB, but both with a 128-bit memory bus, which affects the bandwidth in a big way. It also doesn't have GDDR7 memory like Nvidia equivalents do; AMD chose to use slower, older GDDR6 VRAM here. Fortunately, reviewers still have good things to say about the RX 9060 XT — provided you buy the 16GB version. The AMD card trades blows with Nvidia's RTX 5060 Ti — yes, even the 16GB model — while being significantly cheaper. It also outpaces both versions of the RTX 4060 Ti. This is at 1080p; scaling up to 1440p allows the RX 9060 XT 16GB to pull ahead of the 8GB version of the RTX 5060 Ti. Again, it's all about video memory. Having more VRAM helps the GPU handle higher resolutions, and this shows up in benchmarks time and time again. The RX 9060 XT launched with a $349 price tag for the 16GB version, but it's a little pricier now. You can buy it for $380 on Amazon, and at that price, it's still absolutely worth it. Nvidia RTX 5070 Ti In our in-depth review of the RTX 5070 Ti, we dubbed it 'the right GPU at the wrong time.' This is still very true, and yet, I now feel comfortable recommending this card to you as an option, but only — and I really do mean only — if you need something to play games at 1440p and above. If you're fine with 1080p, steer clear, because this one is still overpriced in more ways than one. The RTX 5070 Ti addresses a lot of the issues I've discussed that the other GPUs didn't manage to avoid. It has plenty of VRAM (16GB) and a more robust 256-bit memory interface, which makes it better suited to run games at higher resolutions. It's also a pretty powerful GPU in its own right. Compared to its predecessors, the RTX 4070 Ti and the RTX 4070 Ti Super (that name will never stop being a mouthful), the 5070 Ti does a surprisingly good job. In our benchmarks, it showed a marked lead. In Cyberpunk 2077, the RTX 5070 Ti beat its predecessor by 26%. Those are impressive gains, especially at 4K, but they vary from game to game — for example, in Forza Horizon 5, the RTX 5070 Ti was 20% faster. What's more important, though, is that all games were super playable, with only Cyberpunk 2077 dipping below 60 frames per second (fps). The downside of the RTX 5070 Ti is, of course, its price. Not only is its MSRP fairly high ($750), but it also sells above that price most of the time. Still, it's the best way to get a high-end GPU right now without massively overspending, which is why I recommend it for enthusiast gamers. The RTX 5070 Ti sells for as little as $790 on Amazon, and that's a better price than I've seen in a while, so check it out.
Forbes
2 minutes ago
- Forbes
Google Warns This Email Means Your Gmail Is Under Attack
You do not want to get this email. With all the cyber security attacks compromising smartphones and PCs, it would be easy to conclude there's little you can do to stay safe. But the truth is very different. Most attacks are easily prevented with a few basic safeguards and some know-how. In reality, a number of simple changes can defend against most attacks. So it is with the FBI's two warnings this week. The first a resurgence of the Phantom Hacker attacks which trick PC users into installing rogue apps. And the second a raft of fake Chrome installs and updates which provide initial access for ransomware. If you just avoid installing linked apps in this way you will steer clear of those attacks. It's the same with a new Amazon impersonation attack that has surged 5000% in just two weeks. Don't click links in messages — even if they seem to come from Amazon. And now Gmail attack warnings are turning up again on social media, which will likely frustrate Google, because their advice has been clear but is not yet landing with users. The latest Gmail warnings come courtesy of a refreshed EasyDMARC article covering the 'no-reply' attacks from earlier this year, hijacking 'no-reply@ to trick users into clicking links and giving up their Google account sign-in credentials. Here again the advice is very simple. It shouldn't matter whether an email appears to come from Google. If it links to a sign-in page, it's an attack. Period. And that means any email that seems to come from Google but has a sign-in link must be deleted. 'Sometimes,' Google warns, 'hackers will copy Google's 'Suspicious sign-in prevented' emails and other official Google emails to try to steal someone's account information.' But the company tells all account holders that 'Google emails will never take you to a sign-in page. Authentic emails sent from Google to your Google Account will never ask you to sign in again to the account they were sent to.' It's as simple as that. Similarly, Google will never 'ask you to provide your password or other sensitive information by email or through a link, call you and ask for any forms of identification, including verification codes, send you a text message directing you to a sign-in page, or send a message via text or email asking you to forward a verification code.' With that in mind, you should not fall victim to these Google impersonation attacks, and if you stick to the basic rules on installs, links and attachments, then you'll likely stay safe from most of the other ones as well.
