Latest news with #Tea
Express Tribune
5 minutes ago
- Business
- Express Tribune
Tea app hit with lawsuits after data breach exposes 72,000 images and private messages
The viral Tea app, which allows women to anonymously review men, is now facing two class-action lawsuits following a massive data breach that exposed sensitive user data, including private messages and over 72,000 images. Both lawsuits, filed in the Northern District of California, allege that Tea failed to adequately protect user information. The leaked data reportedly included selfies, government IDs submitted for verification, and personal conversations. One lawsuit, filed on behalf of Griselda Reyes, accuses Tea of negligence and breach of implied contract. 'I think they were just sloppy,' said lead attorney Scott Cole, noting the app's rapid viral growth may have outpaced its security infrastructure. The suit seeks damages and demands that Tea implement better encryption and delete stored user data. The second lawsuit, filed on behalf of an anonymous Jane Doe, describes an even more disturbing scenario. Doe claims she used the app to anonymously warn others about a local sexual predator, believing her identity and submitted documents would be kept private. Instead, the suit claims, Tea "broke every one of those promises." This second suit also names social platforms X (formerly Twitter) and 4chan, accusing them of allowing the stolen data to spread further. A Tea spokesperson has said the company is identifying affected users and will provide free identity protection. However, legal experts suggest additional lawsuits may follow as more users come forward. The Tea app recently reached the No. 1 spot in the Apple App Store before dropping to second behind ChatGPT. Its features include anonymous reviews, dating advice, and premium services like background checks and reverse image searches.
The Star
an hour ago
- The Star
Women-only US dating advice app Tea suspends messaging following breaches
FILE PHOTO: Tea app logo and cyber binary codes are seen in this illustration created on July 26, 2025. REUTERS/Dado Ruvic/Illustration/File Photo WASHINGTON (Reuters) -The women-only U.S. dating advice app Tea has suspended direct messaging following a series of security breaches that exposed its users' personal details and sensitive communications, the company said on Tuesday. In a series of posts to TikTok, Tea Dating Advice said it had taken messaging offline "out of an abundance of caution" after discovering the breach. The announcement followed a report last week in tech publication 404media that the company had inadvertently exposed the names, selfies, and identity documents of thousands of women, and a second report earlier on Tuesday that direct messages - including sensitive conversations around abortions and infidelity - had similarly been exposed. The app - which boasts 4.6 million users - is pitched as a "dating safety platform" that women can use to steer clear of men who are adulterous, dishonest, or worse. As a TikTok video put out by the company last year put it, the app "makes the FBI work for us girlies so much easier." Women on Tea are encouraged to share details about prospective dates, create alerts against men's names, and put red flags against men who are alleged to be unscrupulous and green flags against those who are not. "Everything is anonymous," the app promises users on sign-up. Reuters could not establish why the selfies and ID card data had lingered online. Tea did not respond to requests seeking further comment. In its TikTok message, the app said the FBI was investigating the circumstances around the breach. The FBI declined to comment. Eva Galperin, thedirector of cybersecurity at San Francisco-based Electronic Frontier Foundation, said the premise behind the app - creating a kind of massive whisper network powered by anonymous users - was already "a little bit sketchy." She said theapp's makers had made it worse by being "honestly negligent" about their security and that the disaster wascompounded because "women are encouraged to share extremely sensitive information about themselves and others." (Reporting by Raphael Satter in Washington; Editing by Matthew Lewis)
CNET
2 hours ago
- CNET
The Tea App Data Breach: What Was Exposed and What We Know About the Class Action Lawsuit
Tea, a women's dating safety app that surged to the top of the free iOS App Store listings, suffered a major security breach last week. The company confirmed Friday that it "identified authorized access to one of our systems" that exposed thousands of user images. And now we know that DMs were accessed during the breach, too. Tea's preliminary findings from the end of last week showed the data breach exposed approximately 72,000 images: 13,000 images of selfies and photo identification that people had submitted during account verification, and 59,000 images that were publicly viewable in the app from posts, comments and direct messages. Those images had been stored in a "legacy data system" that contained information from more than two years ago, the company said in statement. "At this time, there is no evidence to suggest that current or additional user data was affected." Earlier Friday, posts on Reddit and 404 Media reported that Tea app users' faces and IDs had been posted on anonymous online message board 4chan. Tea requires users to verify their identities with selfies or IDs, which is why driver's licenses and pictures of people's faces are in the leaked data. And on Monday, a Tea spokesperson confirmed to CNET that it additionally "recently learned that some direct messages (DMs) were accessed as part of the initial incident." Tea has also taken the affected system offline. That confirmation followed a report by 404 Media on Monday that an independent security researcher discovered it would have been possible for hackers to gain access to DMs between Tea users, affecting messages sent up to last week on the Tea app. Tea said it has launched a full investigation to assess the scope and impact of the breach. Class action lawsuit filed One of the users of the Tea app, Griselda Reyes, has filed a class action lawsuit on behalf of herself and other Tea users affected by the data breach. According to court documents filed on July 28, as reported earlier by 404 Media, Reyes is suing Tea over its alleged "failure to properly secure and safeguard ... personally identifiable information." "Shortly after the data breach was announced, internet users claimed to have mapped the locations of Tea's users based on metadata contained from the leaked images," the complaint alleges. "Thus, instead of empowering women, Tea has actually put them at risk of serious harm." Tea also has yet to notify its customers personally about their data being breached, the complaint alleges. The complaint is seeking class action status, damages for those affected "in an amount to be determined" and certain requirements for Tea to improve its data storage and handling practices. Scott Edward Cole of Cole & Van Note, the law firm representing Reyes, told CNET he is "stunned" by the alleged lack of security protections in place. "This application was advertised as a safe place for women to share information, sometimes very intimate information, about their dating experiences. Few people would take that risk if they'd known Tea Dating put such little effort into its cybersecurity," Cole alleged. "One chief goal of our lawsuit is to compel the company to start taking user privacy a lot more seriously." Tea did not immediately respond to a request for comment on the class action lawsuit. What is the Tea app? The premise of Tea is to provide women with a space to report negative interactions they've had while encountering men in the dating pool, with the intention of keeping other women safe. The app is currently sitting at the No. 2 spot for free apps on Apple's US App Store, right after ChatGPT, drawing international attention and sparking a debate about whether the app violates men's privacy. Following the news of the data breach, it also plays into the wider ongoing debate around whether online identity and age verification pose an inherent security risk to internet users. In the privacy section on its website, Tea says: "Tea Dating Advice takes reasonable security measures to protect your Personal Information to prevent loss, misuse, unauthorized access, disclosure, alteration and destruction. Please be aware, however, that despite our efforts, no security measures are impenetrable."
CNET
3 hours ago
- CNET
The Tea App Data Breach: What Was Exposed and What to Know About the Class Action Lawsuit
Tea, a women's safety dating app that surged to the top of the free iOS App Store listings, suffered a major security breach last week. The company confirmed Friday that it "identified authorized access to one of our systems" that exposed thousands of user images. And now we know that DMs were accessed during the breach, too. Tea's preliminary findings from the end of last week showed the data breach exposed approximately 72,000 images: 13,000 images of selfies and photo identification that people had submitted during account verification, and 59,000 images that were publicly viewable in the app from posts, comments and direct messages. Those images had been stored in a "legacy data system" that contained information from more than two years ago, the company said in statement. "At this time, there is no evidence to suggest that current or additional user data was affected." Earlier Friday, posts on Reddit and 404 Media reported that Tea app users' faces and IDs had been posted on anonymous online message board 4chan. Tea requires users to verify their identities with selfies or IDs, which is why driver's licenses and pictures of people's faces are in the leaked data. And on Monday, a Tea spokesperson confirmed to CNET that it additionally "recently learned that some direct messages (DMs) were accessed as part of the initial incident." Tea has also taken the affected system offline. That confirmation followed a report by 404 Media on Monday that an independent security researcher discovered it would have been possible for hackers to gain access to DMs between Tea users, affecting messages sent up to last week on the Tea app. Tea said it has launched a full investigation to assess the scope and impact of the breach. Class action lawsuit filed One of the users of the Tea app, Griselda Reyes, has filed a class action lawsuit on behalf of herself and other Tea users affected by the data breach. According to court documents filed on July 28, as reported earlier by 404 Media, Reyes is suing Tea over its alleged "failure to properly secure and safeguard ... personally identifiable information." "Shortly after the data breach was announced, internet users claimed to have mapped the locations of Tea's users based on metadata contained from the leaked images," the complaint alleges. "Thus, instead of empowering women, Tea has actually put them at risk of serious harm." Tea also has yet to notify its customers personally about their data being breached, the complaint alleges. The complaint is seeking class action status, damages for those affected "in an amount to be determined" and certain requirements for Tea to improve its data storage and handling practices. Tea and Cole & Van Note, the law firm representing Reyes, did not immediately respond to requests for comment on the class action lawsuit. What is Tea? The premise of Tea is to provide women with a space to report negative interactions they've had while encountering men in the dating pool, with the intention of keeping other women safe. The app is currently sitting at the No. 2 spot for free apps on Apple's US App Store, right after ChatGPT, drawing international attention and sparking a debate about whether the app violates men's privacy. Following the news of the data breach, it also plays into the wider ongoing debate around whether online identity and age verification pose an inherent security risk to internet users. In the privacy section on its website, Tea says: "Tea Dating Advice takes reasonable security measures to protect your Personal Information to prevent loss, misuse, unauthorized access, disclosure, alteration and destruction. Please be aware, however, that despite our efforts, no security measures are impenetrable."
CNA
3 hours ago
- Business
- CNA
Women-only US dating advice app Tea suspends messaging following breaches
WASHINGTON :The women-only U.S. dating advice app Tea has suspended direct messaging following a series of security breaches that exposed its users' personal details and sensitive communications, the company said on Tuesday. In a series of posts to TikTok, Tea Dating Advice said it had taken messaging offline "out of an abundance of caution" after discovering the breach. The announcement followed a report last week in tech publication 404media that the company had inadvertently exposed the names, selfies, and identity documents of thousands of women, and a second report earlier on Tuesday that direct messages - including sensitive conversations around abortions and infidelity - had similarly been exposed. The app - which boasts 4.6 million users - is pitched as a "dating safety platform" that women can use to steer clear of men who are adulterous, dishonest, or worse. As a TikTok video put out by the company last year put it, the app "makes the FBI work for us girlies so much easier." Women on Tea are encouraged to share details about prospective dates, create alerts against men's names, and put red flags against men who are alleged to be unscrupulous and green flags against those who are not. "Everything is anonymous," the app promises users on sign-up. Reuters could not establish why the selfies and ID card data had lingered online. Tea did not respond to requests seeking further comment. In its TikTok message, the app said the FBI was investigating the circumstances around the breach. The FBI declined to comment. Eva Galperin, the director of cybersecurity at San Francisco-based Electronic Frontier Foundation, said the premise behind the app - creating a kind of massive whisper network powered by anonymous users - was already "a little bit sketchy." She said the app's makers had made it worse by being "honestly negligent" about their security and that the disaster was compounded because "women are encouraged to share extremely sensitive information about themselves and others."
