Tea, a women’s safety dating app that has surged to the highest of the free iOS App Retailer listings, suffered a serious safety breach final week. The corporate confirmed Friday that it has “recognized approved entry to one in all our techniques” that uncovered hundreds of person photos. And now, there’s the potential that more details on folks utilizing the app might be accessed.
Based on Tea’s preliminary findings from the top of final week, the breach allowed entry to roughly 72,000 photos, damaged down into two teams: 13,000 photos of selfies and photograph identification that folks had submitted throughout account verification and 59,000 photos that have been publicly viewable within the app from posts, feedback and direct messages.
These photos had been in a “legacy knowledge system” that contained info from greater than two years in the past, the corporate mentioned in assertion. “Right now, there is no such thing as a proof to counsel that present or extra person knowledge was affected.”
Earlier Friday, posts on Reddit and 404 Media reported that Tea app customers’ faces and IDs had been posted on nameless on-line message board 4chan.
Tea requires customers to confirm their identities with selfies or IDs, which is why driver’s licenses and footage of individuals’s faces are within the leaked knowledge.
Tea mentioned it has launched a full investigation to evaluate the scope and affect of the breach.
DMs doubtlessly uncovered
A safety researcher has additionally found that it’s possible for hackers to gain access to DMs between Tea customers, in keeping with a report by 404 Media on Monday. This reportedly impacts messages despatched as much as final week by folks utilizing the Tea app. Tea did not instantly reply to a request for touch upon this newest report.
The premise of Tea is to supply girls with an area to report unfavourable interactions they’ve had whereas encountering males within the relationship pool, purportedly to maintain different girls protected. The app hit the No. 1 spot on Apple’s US App Retailer final week, drawing worldwide consideration and sparking a debate about whether or not the app violates males’s privateness. If the studies of a breach transform true, it’ll additionally play into the broader ongoing debate round whether or not online identity and age verification pose an inherent security risk to web customers.
Within the privateness part on its web site, Tea says: “Tea Relationship Recommendation takes cheap safety measures to guard your Private Data to stop loss, misuse, unauthorized entry, disclosure, alteration and destruction. Please bear in mind, nevertheless, that regardless of our efforts, no safety measures are impenetrable.”
