Tea suffers massive data breach as 4chan user discovers all collected personal data was public
Tea, an app that was made exclusively for women, requires the user to prove their identity as a woman by presenting ID. However, it’s been discovered by a group of 4chan users that every woman’s personal data who signed up for it was put on a public server.
While this is technically a “data breach”, the information was always publicly available and has just been discovered by people who were looking for it.
As a result, the information of everyone on the app should be considered compromised, with users using scripts to scrape and collect all of their data before the hole could be plugged.
Tea app uploaded users’ personal data to a public server
Tea Dating Adviceis a women-only app that’s used to make sure that women are safe when trying to date on other apps likeHinge, Bumble, and Tinder, by allowing them to get advice from other women in their relationship.
Whether it be background checks, speaking with others to hear about their experiences with the person you’ve matched with, or just general dating advice, it was designed to make the online dating world a bit more secure for women.
However, as it turns out, the app has accidentally done the polar opposite. In order to access Tea, users are required to post full proof that they’re a woman before getting on the app.
TeaOnHer suffers massive data breach with drivers licenses and DMs leaked
First Descendant devs respond amid accusations of using fake AI streamers in ads
Tea app sued for millions in class-action lawsuit after massive data breach
This has to be a source of identification that indicates their gender, meaning most users would naturally gravitate toward uploading their license or state-issued ID. Almost 60GB worth of selfies and personal identification have been posted online.
Rather than putting this data on a secure server, Tea’s data was posted to a publicly accessible server that has already been discovered by users on 4chan. They publicly posted the links to both the public storage and a pastebin that allocated all the user data into one spot, telling people to check and see if they’re in it.
