The Tea app was intended to help women date safely. Then it got hacked
'We have engaged third-party cybersecurity experts and are working around the clock to secure our systems,' San Francisco-based Tea Dating Advice Inc. said in a statement.
The app and the breach highlight the fraught nature of seeking romance in the age of social media.
Here's what to know:
Tea was meant to help women date safely
Tea founder Sean Cook, a software engineer who previously worked at Salesforce and Shutterfly, says on the app's website that he founded the company in 2022 after witnessing his own mother's 'terrifying'' experiences. Cook said they included unknowingly dating men with criminal records and being 'catfished'' — deceived by men using false identities.
Tea markets itself as a safe way for women to anonymously vet men they might meet on dating apps such as Tinder or Bumble — ensuring that the men are who they say they are, not criminals and not already married or in a relationship. It's been compared to the Yelp of dating.
In an Apple Store review, one woman wrote that she used a Tea search to investigate a man she'd begun talking to and discovered 'over 20 red flags, including serious allegations like assault and recording women without their consent.'' She said she cut off communication. 'I can't imagine how things could've gone had I not known," she wrote.
A surge in social media attention over the past week pushed Tea to the No. 1 spot at the U.S. Apple Store as of July 24, according to Sensor Tower, a research firm. In the seven days from July 17-23, Tea downloads shot up 525% compared to the week before. Tea said in an Instagram post that it had reached 4 million users.
Tea has been criticized for invading men's privacy
A female columnist for The Times of London newspaper, who signed into the app, on Thursday called Tea a 'man-shaming site'' and complained that 'this is simply vigilante justice, entirely reliant on the scruples of anonymous women. With Tea on the scene, what man would ever dare date a woman again?''
It's unclear what legal recourse an aggrieved man might have if he feels he's been defamed or had his privacy violated on Tea or a similar social media platform. In May, a federal judge in Illinois threw out an invasion-of-privacy lawsuit by a man who'd been criticized by women in the Facebook chat group "Are We Dating the Same Guy,'' Bloomberg Law reported.
The breach exposed thousands of selfies and photo IDs
In its statement, Tea reported that about 72,000 images were leaked online, including 13,000 images of selfies or photo identification that users submitted during account verification. Another 59,000 images that were publicly viewable in the app from posts, comments and direct messages were also accessed, according to the company's statement.
No email addresses or phone numbers were exposed, the company said, and the breach only affects users who signed up before February 2024. 'At this time, there is no evidence to suggest that additional user data was affected. Protecting tea users' privacy and data is our highest priority,' Tea said.
It said users did not need to change their passwords or delete their accounts. "All data has been secured.''
.
Solve the daily Crossword
Hashtags
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Yahoo
32 minutes ago
- Yahoo
Trump scores another big trade deal after securing promise of massive investment, but China will be less willing to cave, analyst says
President Donald Trump said the EU will invest $600 billion in the U.S., buy $750 billion of American energy products, and purchase 'vast amounts' of weapons as part of a trade deal that sets a 15% tariff. It comes a week after a similar agreement with Japan, which pledged to invest $550 billion in key U.S. industrial sectors. Now that trade deals have been clinched with the European Union and Japan, the U.S. looks to focus on China as the world's two biggest economies prepare for high-stakes talks. Negotiations between Treasury Secretary Scott Bessent and Chinese Vice Premier He Lifeng are scheduled to start on Monday in Stockholm. That comes as a trade truce between the two sides is due to end Aug. 12, though they are reportedly going to extend the deadline by 90 days. U.S. deals with Japan and the EU could offer a blueprint for China. The EU will invest $600 billion in the U.S., buy $750 billion of American energy products and purchase 'vast amounts' of weapons, according to Trump. It comes a week after a similar agreement with Japan, which vowed to invest $550 billion in key U.S. industrial sectors. Both the EU and Japan will face a 15% tariff on most of their exports to the U.S. Bessent highlighted the $550 billion pledge as a key reason the U.S. and Japan were able to settle on a levy that was lower than the 25% rate Trump had threatened earlier. 'They got the 15% rate because they were willing to provide this innovative financing mechanism,' he told Bloomberg TV on Wednesday, when asked if other countries could get a similar rate. Similarly, Trump had hinted that the EU would have to 'buy down' the threatened tariff rate of 30% and pointed to the Japan deal. But talks with Beijing may be tougher. 'When Japan broke down and made a deal the EU had little choice,' Jamie Cox, managing partner for Harris Financial Group, said in a note on Sunday. 'The biggest piece in the trade deal puzzle still remains, and the Chinese are unlikely to be as willing to fold.' Without a lasting agreement between the U.S. and China, tariffs could soar back to prohibitively high levels that would effectively cut off trade. In April, Trump had set tariffs on China at 145%, prompting Beijing to retaliate with its own levy of 125%. Meanwhile, the U.S. has reached deals elsewhere in Asia, with the Philippines and Indonesia facing 19% tariffs while Vietnam has a 20% duty. That's as Trump seeks to discourage the trans-shipment of Chinese goods via other countries in the region. Any pledges of investment in the U.S. also come as Trump's tariffs face legal challenges, with a court hearing scheduled Thursday on whether the president has authority under the International Emergency Economic Powers Act to impose wide-ranging duties. On Sunday, European Commission President Ursula von der Leyen confirmed that the EU's $750 billion in U.S. energy purchases would come over the next three years, meaning they will happen while Trump is in office. But U.S. tariffs could be invalidated before any money is spent, and Wall Street is skeptical that Japan will fully deliver on a target that isn't a binding commitment. Analysts at Piper Sandler have concluded that Trump's tariffs are illegal and noted that the $550 billion Japanese investment comes with few concrete details. 'Our trading partners and major multinationals know Trump's tariffs are on shaky legal ground,' they wrote. 'Therefore, we find it hard to believe many of them are going to make massive investments in the US they would not have otherwise made in response to tariffs that may not last.' This story was originally featured on Sign in to access your portfolio
Yahoo
an hour ago
- Yahoo
State of play in Trump's tariffs, threats and delays
Dozens of economies including India, Canada and Mexico face threats of higher tariffs Friday if they fail to strike deals with Washington. Here is a summary of duties President Donald Trump has introduced in his second term as he pressures allies and competitors alike to reshape US trade relationships. - Global tariffs - US "reciprocal" tariffs -- imposed under legally contentious emergency powers -- are due to jump from 10 percent to various steeper levels for a list of dozens of economies come August 1, including South Korea, India and Taiwan. The hikes were to take effect July 9 but Trump postponed them days before imposition, marking a second delay since their shock unveiling in April. A 10 percent "baseline" levy on most partners, which Trump imposed in April, remains in place. He has also issued letters dictating tariff rates above 10 percent for individual countries, including Brazil, which has a trade deficit with the United States and was not on the initial list of higher "reciprocal" rates. Several economies -- the European Union, Britain, Vietnam, Japan, Indonesia and the Philippines -- have struck initial tariff deals with Washington, while China managed to temporarily lower tit-for-tat duties. Certain products like pharmaceuticals, semiconductors and lumber are excluded from Trump's "reciprocal" tariffs, but may face separate action under different authorities. This has been the case for steel, aluminum, and soon copper. Gold and silver, alongside energy commodities, are also exempted. Excluded too are Mexico and Canada, hit with a different set of tariffs, and countries like Russia and North Korea as they already face sanctions. - Canada, Mexico - Canadian and Mexican products were hit by 25 percent US tariffs shortly after Trump returned to office, with a lower rate for Canadian energy. Trump targeted both neighbors over illegal immigration and fentanyl trafficking, also invoking emergency powers. But trade negotiations have been bumpy. This month, Trump said Canadian goods will face a higher 35 percent duty from August 1, and Mexican goods will see a 30 percent level. Products entering the United States under the USMCA North American free trade pact, covering large swaths of goods, are expected to remain exempt -- with Canadian energy resources and potash, used as fertilizer, to still face lower rates. - China focus - Trump has also taken special aim at China. The world's two biggest economies engaged in an escalating tariffs war this year before their temporary pullback. The countries imposed triple-digit duties on each other at one point, a level described as a trade embargo. After high level talks, Washington lowered its levies on Chinese goods to 30 percent and Beijing slashed its own to 10 percent. This pause is set to expire August 12, and officials will meet for further talks on Monday and Tuesday in the Swedish capital Stockholm. The US level is higher as it includes a 20 percent tariff over China's alleged role in the global fentanyl trade. Beyond expansive tariffs on Chinese products, Trump ordered the closure of a duty-free exemption for low-value parcels from the country. This adds to the cost of importing items like clothing and small electronics. - Autos, metals - Trump has targeted individual business sectors too, under more conventional national security grounds, imposing a 25 percent levy on steel and aluminum imports which he later doubled to 50 percent. The president has unveiled plans for a 50 percent tariff on copper imports starting August 1 as well and rolled out a 25 percent tariff on imported autos, although those entering under the USMCA can qualify for a lower rate. Trump's auto tariffs impact vehicle parts too, but new rules ensure automakers paying vehicle tariffs will not also be charged for certain other duties. He has ongoing investigations into imports of lumber, semiconductors, pharmaceuticals and critical minerals that could trigger further duties. - Legal challenges - Several legal challenges have been filed against the tariffs Trump invoked citing emergencies. The US Court of International Trade ruled in May that the president had overstepped his authority, but a federal appeals court has allowed the duties to remain while it considers the case. If these tariffs are ultimately ruled illegal, companies could possibly seek reimbursements. bys/des/mlm Error in retrieving data Sign in to access your portfolio Error in retrieving data Error in retrieving data Error in retrieving data Error in retrieving data
Yahoo
an hour ago
- Yahoo
IT provider sued after it simply 'handed the credentials' to hackers — Clorox claims Cognizant gaffe enabled a $380m ransomware attack
When you buy through links on our articles, Future and its syndication partners may earn a commission. Popular bleach brand Clorox filed a case against Cognizant, its IT provider, after the company discovered that the latter had simply given away access credentials to hackers posing as employees. According to an NBC News Report, this breach allowed Scattered Spider, a hacking group that targets company service desks, to infect Clorox with ransomware in August 2023. This IT support gaffe allegedly resulted in around $380 million worth of damage and disruption for Clorox. Cognizant manages Clorox's internal networks, and employees who have issues with their passwords, multi-factor authentication (MFA) codes, and VPNs must coordinate with the IT provider to regain access to their system. However, Clorox alleges that the Cognizant Service Desk gave access passwords without verifying the identity of the caller. Such action would contradict the policies that have been set in place to prevent unauthorized personnel from gaining access, which Ars Technica says include an internal verification and self-reset password tool. In case the user does not have access to this, Cognizant must check their identity by asking for their manager's name and their username. This would reset their password, but it will also email the employee and their supervisor to help ensure some level of security. Low-effort social engineering win for the cyber criminals Unfortunately, this did not happen in several instances. Instead, Cognizant staff simply handed over the passwords without confirming the identity of the caller, it is claimed. One partial call transcript provides evidence of this, with the alleged hacker telling the Cognizant employee, 'I don't have a password, so I can't connect.' They then replied without hesitation, 'Oh, ok. Ok. So, let me provide the password to you, okay?' Assuming the identity of authorized personnel is one of the most basic social engineering attacks, which is why many IT companies deploy several measures against it. However, it seems that Cognizant's employees were too trusting and violated protocol, potentially leading to millions of dollars in losses for Clorox. This goes to show that no matter how robust and sophisticated your cybersecurity is, it can always be breached at its weakest point. 'Cognizant was not duped by any elaborate ploy or sophisticated hacking techniques,' the lawsuit asserts. 'The cybercriminal just called the Cognizant Service Desk, asked for credentials to access Clorox's network, and Cognizant handed the credentials right over.' Follow Tom's Hardware on Google News to get our up-to-date news, analysis, and reviews in your feeds. Make sure to click the Follow button.
