Tea, the app that gives women an anonymous and safe space to talk about their dating experiences, has recently suffered a huge data breach. This incident made users’ IDs and other PII publicly available. Tech users on the online message board 4Chan were the first to find out about this breach. What they found was that the app’s database was wide open, meaning anyone could access user-generated content.
The breach granted access to a cache of data, including over 59,000 images from posts, comments, and DMs. A spokesperson for Tea told us that these images were visible to the public in-app before the flaw was discovered. The breach didn’t affect any user email addresses or phone numbers. We have all the exposed database. So now, anyone who has been accessing it without login gets a risky “Permission denied” error.
The vulnerability would have impacted any users who registered for Tea prior to February 2024. Once the breach was identified, Tea took swift action to secure the exposed database and stop further access.
404 Media has extensively covered the breach. Specifically, they pointed to a URL shared by a 4Chan user that had exposed a comprehensive list of sensitive attachments linked to the Teaapp. They stated,
“While reporting this story, a URL the 4chan user posted included a voluminous list of specific attachments associated with the Tea app. 404 Media saw this list of files. In the last hour or so, that page was locked down, and now returns a ‘Permission denied’ error.”
As a result of the security incident, Tea immediately engaged third-party cybersecurity experts to strengthen its systems. The company further acknowledges that they will do everything in their power to address any weaknesses. A representative from Tea stated,
“Tea has engaged third-party cybersecurity experts and are working around the clock to secure its systems.”
Organizations are used to going digital and have faced pressure in the past year to engage with users through these online spaces. Today’s incident underscores the importance of robust cybersecurity protections. The Tea app’s promise to increase its security measures is a first step in regaining the trust of its users after this incident.
“At this time, there is no evidence to suggest that additional user data was affected. Protecting tea users’ privacy and data is their highest priority.”
As organizations increasingly rely on digital platforms for user engagement, this incident serves as a reminder of the importance of robust cybersecurity measures. The Tea app’s commitment to enhancing its security protocols may help rebuild user trust following this breach.
