Tea, an app that claims to assist girls "be sure that your date is protected, not a catfish and never in a relationship," is experiencing a safety breach. 404 Media stories {that a} database posted on 4chan allowed anybody to entry customers' information. (It's since been eliminated.) The dataset included 1000’s of pictures, together with driver's licenses.
4chan customers claimed the information got here from an uncovered database hosted on Firebase, Google's app improvement platform. 404 Media verified that the uncovered storage bucket URL matches one present in Tea's Android app.
The corporate confirmed the breach. In a press release to 404 Media, Tea mentioned it "recognized unauthorized entry to one among our programs and instantly launched a full investigation to evaluate the scope and impression." The corporate said that the uncovered data included information from over two years in the past. It included 72,000 pictures, together with selfies, photograph IDs and footage from app posts and DMs.
"This information was initially saved in compliance with regulation enforcement necessities associated to cyber-bullying prevention," Tea mentioned. "Now we have engaged third-party cybersecurity consultants and are working across the clock to safe our programs. At the moment, there isn’t any proof to counsel that present or further consumer information was affected. Defending our customers' privateness and information is our highest precedence. We’re taking each needed step to make sure the safety of our platform and forestall additional publicity."
The app permits customers to put up images of "red-flag" males. "Already swiping for dates on Tinder, Bumble, Match or Hinge?" the app's Play Retailer pitch reads. "Tea is a must have app, serving to girls keep away from pink flags earlier than the primary date with courting recommendation and exhibiting them who's actually behind the profile of the individual they're courting."
Its Play Retailer itemizing highlights a reverse telephone quantity lookup. It has sections for males's actual names, ages, addresses, social profiles and relationship statuses. Different options embrace a reverse picture search and background checks to assist girls "get the tea in your date." Customers can ballot others about whether or not they need to date new matches.
The app requires new customers to submit a verification selfie and a photograph of their government-issued ID. Tea instructed 404 Media that it makes use of this to confirm that new signups are certainly girls.
The timing of the breach coincided with the app's surge in reputation. In response to Enterprise Insider, Tea hit the highest of Apple's App Retailer this week. The app first launched in 2023.
This text initially appeared on Engadget at https://www.engadget.com/cybersecurity/tea-app-suffers-breach-exposing-thousands-of-user-images-190731414.html?src=rss