Viral Tea App Breached, Exposing 13,000 Private User Images
Tea, the viral app that allows women to anonymously share photos of men they're dating, has been breached.
Over 72,000 images including 13,000 Tea user photos and government ID images — as well as 59,000 images from posts, comments and direct messages — have apparently been leaked online, according to a report in 404 Media.
The 4Chan users told 404 Media they had found the images via an exposed database hosted on Google's mobile app development platform Firebase.
The data trove of Tea users was reportedly shared on controversial platform 4Chan in the early hours of July 25, with information also available on X, formally Twitter.
It came after the app was attacked by men as it went viral last week, seeing over a million downloads. Men are concerned about the way Tea — which allows women to 'spill Tea' about their dates and expose things such as infidelity — could be open to misuse. A thread posted on the right wing troll message board of 4Chan on July 24 allegedly called for a 'hack and leak' campaign, according to NBC News.
Tea allows women to 'spill Tea' about their dates and expose things such as infidelity
'Yes, if you sent Tea App your face and drivers license, they doxxed you publicly! No authentication, no nothing. It's a public bucket,' a post on 4chan providing details of the vulnerability reads, according to 404 Media. 'DRIVERS LICENSES AND FACE PICS! GET THE F*** IN HERE BEFORE THEY SHUT IT DOWN!'
Meanwhile, a map on Google Maps had been created that claims to show Tea users' locations — although it does not include names — according to NBC News.
The Tea user photos are a result of the sign up process, which requires people to take selfies to prove they are who they say. This allows them to post anonymously on the app and Tea says the images are deleted after review.
Data Accessed During The Tea Breach
The data accessed was from 2023, according to a Tea spokesperson who was talking to NBC News. 'This data was originally stored in compliance with law enforcement requirements related to cyberbullying prevention,' they told NBC.
Tea 'should be made accountable for this misinterpretation of how to record private information,' says Jake Moore, global cybersecurity advisor at ESET. 'This data should never have been stored, let alone made accessible."
He points out that the Tea breach took place 'on the same weekend' the Online Safety Bill came into place in the UK. The Bill requires UK users to upload their IDs to view certain over-18s websites or content.
I have asked Tea for a comment and will update this article if the firm responds.
The Tea app is intended to create a safe space for women to share information about their dates online. The idea itself is noble, however, this data leak had shown the issues with the app itself — as well as the consequences when platforms don't have enough guardrails in place to protect users.
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Yahoo
18 minutes ago
- Yahoo
5 soldiers wounded by fellow soldier in workplace shooting at Fort Stewart in Georgia; suspect in custody, officials say
The alleged shooter, identified as Sgt. Quornelius Radford, was quickly "subdued" by other soldiers, Brig. Gen. John Lubas told reporters. Five soldiers were shot and wounded on Wednesday at a U.S. Army base in Georgia by a fellow soldier in a workplace shooting that prompted a lockdown, officials there say. In a post on its Facebook page, Fort Stewart Hunter Army Airfield said the shooting occurred in the 2nd Armored Brigade Combat Team area shortly before 11 a.m. local time. The alleged shooter was identified as Quornelius Radford, an automated logistics sergeant assigned to the 2nd Brigade Team. At a press conference on Wednesday afternoon, Brig. Gen. John Lubas, commander of the 3rd Infantry Division said Radford was quickly "subdued" by fellow soldiers before law enforcement arrived. "Soldiers in the area that witnessed the shooting immediately, and without hesitation, tackled the soldier, subdued him, and allowed law enforcement to then take him into custody," Lubas said. "These soldiers without a doubt prevented further casualties." All five of the victims were transported to the hospital in stable condition, Lubas said. Three of the victims required surgery, and all are expected to recover. According to Lubas, the shooting occurred at Radford's place of work and involved his co-workers, but he would not speculate on a motive. Lubas said that Radford used a personal handgun, and that the incident remains under investigation. In an earlier alert announcing the lockdown, Fort Stewart said multiple 'casualties" had been reported in what was described as "an active shooter incident." Gates to the base were closed for several hours, and some schools in the area were briefly placed on lockdown. Fort Stewart, which is located about 40 miles southwest of Savannah, is home to about 10,000 people, including soldiers, family members and civilian employees, live there, according to its website. The FBI in Atlanta said on X that its office in Savannah was aware of the incident and "coordinating with Army Criminal Investigation Division for any assistance that might be needed." President Trump was briefed on the shooting, White House press secretary Karoline Leavitt said. Georgia Gov. Brian Kemp wrote on X that he was "in close contact with law enforcement on the ground," adding that his family was "saddened by today's tragedy." "We are keeping the victims, their families, and all those who answer the call to serve in our hearts and prayers, and we ask that Georgians everywhere do the same," Kemp said.
Yahoo
18 minutes ago
- Yahoo
Congress members trying to see ICE detainees at MDC Brooklyn jail barred from entry
NEW YORK — Officials at MDC Brooklyn barred three Democrat members of Congress from conducting an oversight visit of the jail's ICE detention operation, sparking a brief lockdown that led to cancelled legal visits for inmates seeing their defense lawyers. The Congress members, Reps. Adriano Espaillat, Nydia Velazquez and Dan Goldman, showed up at the notorious Sunset Park jail Wednesday morning, but were blocked at the door, then were briefly trapped between the iron gate in front of the jail and its entrance doors. Inside, about 20 defense attorneys visiting their clients abruptly had those visits cut short, multiple lawyers told the Daily News. Jail staff recalled those inmates back to their housing units, and wouldn't let their lawyers leave the MDC for about a half hour as the drama unfolded outside, the attorneys said. Those lawyers included Marc Agnifilo, who represents Sean 'Diddy' Combs and alleged healthcare CEO killer Luigi Mangione, both of whom are housed in MDC, sources said. Agnifilo did not return messages seeking comment Wednesday. 'We were trapped between the gate and the building,' Velazquez told The News. She said that the lawmakers entered the gate and approached the place's front door, and Espaillat asked a masked Immigration and Customs Enforcement agent outside to show his face. 'He [the agent] immediately jumped in front of the gate and locked us inside, and then went upstairs, climbed the steps for the federal building and locked the door so we could not get out to the street,' Velazquez said. 'We couldn't get into the building.' New York Immigration Coalition President Murad Awawdeh, who accompanied the lawmakers, said the ICE agent immediately confronted them, asking for ID, then triggered a lockdown and disappeared into the building. 'It was a circus that the federal prison bureau created,' he said. 'Why is the federal government going so far out of its way to prohibit anyone from seeing what's happening inside their facilities?' Eventually, an assistant to the warden came out, 'and he said what we knew he would say, that we have to request seven days in advance for a permit to allow us to go inside,' Velazquez said. That's against federal law, which gives Congress members the right to make unannounced visits, she said. Starting in June, MDC Brooklyn began holding more than 100 ICE detainees as part of an interagency agreement between ICE and and the Bureau of Prisons to use eight federal facilities across the country to hold immigrants ensnared in Donald Trump's mass deportation machine. 'Denying Members of Congress access to a federal detention facility is outrageous and unacceptable,' Espaillat said in a statement later Wednesday. 'MDC Brooklyn has a well-documented record of abuse. ICE should not be allowed to expand its reach through backdoor deals with federal prisons. This contract must be terminated now.' BOP spokeswoman Randilee Giamusso said Wednesday that the prison system would be happy to accommodate Congress member visits if they give advance notice. 'However, as a law enforcement entity, we must prioritize the safety of our staff, inmates and our facilities. We remain committed to working with our congressional partners,' Giamusso said. 'With proper notice, the BOP is happy to accommodate a request for a site visit from any congressional member.' Espaillat and several other Congress members sued the Trump administration last week, arguing that federal law specifically prohibits immigration detention facilities from requiring prior notice before members of Congress can make oversight visits. 'The Trump administration's lawless efforts to defy that constitutional authority are a gross abuse of power,' Goldman said, 'and we're taking them to court in defense of that principle and to find out what they're hiding.' _____
New York Times
20 minutes ago
- New York Times
Adams Is Again Denied Matching Funds as Cuomo Lobbies Executives
Mayor Eric Adams of New York was again denied public matching funds for his re-election campaign on Wednesday, a major setback as he competes against former Gov. Andrew M. Cuomo to emerge as the strongest challenger to Zohran Mamdani, the Democratic nominee. The city's Campaign Finance Board said that Mr. Adams was not eligible for public funds because his campaign had provided 'incomplete and misleading' information, and the board believed that the campaign had violated the law. The board did not provide details about its findings, but said the decision was based on 'all of the available evidence, including but not limited to its own independent investigation.' Todd Shapiro, a spokesman for Mr. Adams's campaign, called the decision 'vague and unsubstantiated' as well as 'deeply concerning and potentially damaging.' 'We strongly disagree with the Campaign Finance Board's decision and reject both the tone and substance of its statement,' Mr. Shapiro said. The board denied Mr. Adams's request for public funds after he was indicted on federal corruption charges late last year. That decision prevented him from receiving millions of dollars under the city's program, which gives qualifying candidates an eight-for-one match of small-dollar donations. Want all of The Times? Subscribe.
