Two major security vulnerabilities in the Tea app – which claims to make dating safer for women – have exposed the private chats and personal data of at least tens of thousands of users.
The app, designed to allow women to share “red flags” for men they had dated, claimed four million active users after it hit the top slot in the App Store last week …
The Tea app allows female users to tag men’s dating profiles with one of a number of “red flags,” as well as allowing reverse image searches to identify the men behind the profiles. Red flags range from ghosting contacts through being in an existing relationship to sexual assault.
The app was already proving controversial on privacy grounds, with some men saying it was unreasonable to link their profiles to their social media and more, but that was just the start.
The first Tea app security breach
404 Media last week reported that 4chan users discovered an exposed database containing personal data, including selfies and images of driver’s licenses that users had submitted to verify their identity to the app.
Users say they are rifling through people’s personal data and selfies uploaded to the app, and then posting that data online, according to screenshots, 4chan posts, and code reviewed by 404 Media. In a statement to 404 Media, Tea confirmed the breach also impacted some direct messages but said that the data is from two years ago.
This is despite the developer claiming that identity documents are deleted after verification.
But it got worse
However, the claim that the data was two years old didn’t last long. In a follow-up report, 404 Media said that hackers were able to access private messages between users – with data as recent as one week ago.