Privacy Breach- Women’s Dating App “Tea” Leaks 13,000 Selfie Images

Tea, a popular women’s dating app that allows anonymous reviews of male dates, has confirmed a significant cybersecurity incident resulting in the theft of approximately 72,000 user images.

The breach, which affected users who registered before February 2024, represents a serious violation of privacy for the platform that markets itself with the motto “women should never have to compromise their safety while dating.”

Sponsored

class="wp-block-heading" id="scope-of-the-data-breach">Scope of the Data Breach

The unauthorized access to Tea’s systems resulted in the exposure of multiple categories of sensitive user data.

According to company statements, hackers successfully infiltrated the platform’s databases and extracted 13,000 verification images, including user selfies and photo identification documents submitted during the account approval process.

Additionally, threat actors obtained access to 59,000 images from user-generated content, encompassing photos shared in posts, comments, and direct messages within the application.

The breach’s technical scope indicates that attackers likely exploited vulnerabilities in the app’s image storage infrastructure or authentication protocols.

While the company confirmed that no email addresses or phone numbers were compromised during the incident, the theft of biometric verification data and personal communications represents a significant privacy violation.

The attack vector and specific exploitation methods have not been disclosed by Tea’s security team.

Company Response and Security Measures

Tea’s cybersecurity response involved immediate engagement with third-party security experts to assess the breach’s full impact and implement remediation measures.

The company’s incident response team is reportedly “working around the clock to secure our systems” and has initiated forensic analysis to determine the attack’s origin and methodology.

The security incident was initially disclosed by cybersecurity publication 404 Media, which reported the breach before Tea’s official confirmation.

This external discovery suggests potential delays in the company’s intrusion detection capabilities or incident response protocols.

The company has not provided specific details regarding the timeline of the attack, the duration of unauthorized access, or the implementation of additional security controls such as multi-factor authentication or end-to-end encryption for stored images.

App Popularity and User Verification Process

Despite the security breach, Tea continues to experience significant user growth, with more than two million individuals reportedly requesting access to the platform in recent days.

The app operates as a Yelp-style review platform where verified women can anonymously share experiences and safety information about men they have dated or are considering dating.

The verification process requires new users to submit selfies for identity confirmation, which the company’s privacy policy states are deleted after the review process.

However, the recent breach demonstrates that these supposedly temporary verification images were retained in the system longer than indicated, raising questions about data retention policies and storage security protocols.

Find this Story Interesting! Follow us on LinkedIn and X to Get More Instant Updates

The post Privacy Breach- Women’s Dating App “Tea” Leaks 13,000 Selfie Images appeared first on Cyber Security News.