Tea, a women’s dating safety app that recently surged to the top of the free iOS App Store listings, suffered a serious security breach last week. The company confirmed Friday that it “identified unauthorized access to one of our systems” that exposed thousands of user images. And now we know that DMs were accessed during the breach, too.
Tea’s preliminary findings from the end of last week showed the data breach exposed roughly 72,000 images: 13,000 images of selfies and photo identification that people had submitted during account verification, and 59,000 images that were publicly viewable in the app from posts, comments and direct messages.
These images were stored in a “legacy data system” that contained information from more than two years ago, the company said in a statement. “At this time, there is no evidence to suggest that current or additional user data was affected.”
Earlier Friday, posts on Reddit and 404 Media reported that Tea app users’ faces and IDs had been posted on the anonymous online message board 4chan. Tea requires users to verify their identities with selfies or IDs, which is why driver’s licenses and pictures of people’s faces are in the leaked data.
And on Monday, a Tea spokesperson confirmed to CNET that it additionally “recently learned that some direct messages (DMs) were accessed as part of the initial incident.” Tea has also taken the affected system offline. That confirmation followed a report by 404 Media on Monday that an independent security researcher found it might have been possible for hackers to gain access to DMs between Tea users, affecting messages sent up to last week on the Tea app.
Tea said it has launched a full investigation to assess the scope and impact of the breach.
Class action lawsuit filed
One of the users of the Tea app, Griselda Reyes, has filed a class action lawsuit on behalf of herself and other Tea users affected by the data breach. According to court documents filed on July 28, as reported earlier by 404 Media, Reyes is suing Tea over its alleged “failure to properly secure and safeguard … personally identifiable information.”
“Shortly after the data breach was announced, internet users claimed to have mapped the locations of Tea’s users based on metadata contained from the leaked images,” the complaint alleges. “Thus, instead of empowering women, Tea has actually put them at risk of serious harm.”
Tea also has yet to notify its customers personally about their data being breached, the complaint alleges.
The complaint is seeking class action status, damages for those affected “in an amount to be determined” and certain requirements for Tea to improve its data storage and handling practices.
Scott Edward Cole of Cole & Van Note, the law firm representing Reyes, told CNET he’s “surprised” by the alleged lack of security protections in place.
“This application was marketed as a safe place for women to share information, typically very intimate information, about their dating experiences. Few people would take that risk if they’d known Tea Dating put such little effort into its cybersecurity,” Cole alleged. “One chief goal of our lawsuit is to compel the company to start taking user privacy much more seriously.”
Tea did not immediately respond to a request for comment on the class action lawsuit.
What’s the Tea app?
The premise of Tea is to provide women with a space to report negative interactions they’ve had while encountering men in the dating pool, with the intention of keeping other women safe.
The app is currently sitting at the No. 2 spot for free apps on Apple’s US App Store, right after ChatGPT, drawing international attention and sparking a debate about whether the app violates men’s privacy. Following the news of the data breach, it also plays into the broader ongoing debate around whether online identity and age verification pose an inherent security risk to internet users.
In the privacy section on its website, Tea says: “Tea Dating Advice takes reasonable security measures to protect your Personal Information to prevent loss, misuse, unauthorized access, disclosure, alteration and destruction. Please be aware, however, that despite our efforts, no security measures are impenetrable.”