Controversy Brews For Tea Dating App After Hack Exposes 72k User Images
The Tea dating app that was designed to help women anonymously carry out background checks on potential dates to weed out “red flag” behaviours has confirmed it was subject to a data breach.
US-based Tea Dating Advice said there had been “unauthorised access” to more than 72,000 images submitted by its 1.6 million user base, with post and comments also potentially exposed in the hack.
The dataset includes 13,000 verification images, in which women hold a form of photo identification to verify their identity – something Tea said it would delete immediately once authentication was complete. Approximately 59,000 images publicly viewable in the app from posts, comments and direct messages had also been accessed.
The breach – which occurred on Friday at 6:44AM PST – impacted members who had signed up before February 2024, the company said, but no email addresses or phone numbers were accessed.
In a statement, Tea claimed the information was stored in accordance with law enforcement requirements related to cyber-bullying investigations.
The company said: “We are working around the clock with internal security teams and third-party experts to secure our systems. We are currently working to determine the full nature and scope of information involved in the incident.
“Your data privacy is of the utmost importance to us. We are taking all necessary measures to strengthen our security posture and ensure that no further data is exposed. Thank you for your trust—and for your patience as we address this with the urgency it deserves.”
Tea said it has engaged with third-party cybersecurity experts to secure its servers and determine the cause of the breach. It confirmed the breach of the verification images, saying it kept copies “in compliance with law enforcement requirements related to cyber-bullying prevention”. The app no longer requires ID to sign up.
The breach came just days after Tea made a viral breakthrough, receiving global coverage for its crowdsourced background checks.
Launched by founder Sean Cook after seeing his mother get catfished online, Tea’s stated aim is simple: help women avoid dangerous or deceptive dates. Last week, it claimed to have gained a million new users.
According to App Store tracker SensorTower.com, Tea Dating Advice has become the most popular free app in the US, and is the number one lifestyle download, prior to the data breach.
However, it has also been subject to criticism, with The Times of London calling it a “man-shaming” app, and a post in the MensRights subreddit saying it “must be deleted”.
The attack comes as brands are increasingly facing threats from hackers looking to exploit data vulnerabilities. Earlier this month, fashion giant Louis Vuitton revealed that customer data was stolen during an unauthorised breach
Kevin Marriott, senior manager of cyber and head of SecOps at Immersive, warned that the breach will be “extremely damaging” for an app that had promoted itself as offering “dating safety for women”.
He added: “Legacy infrastructure is often a challenge for organisations, and the failure of the company to immediately delete images will further fuel concerns around the Online Safety Bill and the requirement to upload personally identifiable information (PII). Breaches such as these, where the images that were taken are part of a dataset that customers were assured were not retained, can clearly damage trust between users and the company.
“The breach highlights the importance of stress-testing and auditing security defences and teams. Such exercises would have quickly identified weaknesses within legacy systems and shown that certain security assurances were not being upheld. Hands-on, measurable training programmes tailored to specific individuals, teams, and departments are essential in helping employees build the cyber skills required to prevent easily avoidable breaches.”
The post Controversy brews for Tea Dating app after hack exposes 72k user images appeared first on TechInformed.
