Tea Dating Advice: Difference between revisions
No edit summary |
m Clarified |
||
(6 intermediate revisions by the same user not shown) | |||
Line 22: | Line 22: | ||
====Market control==== | ====Market control==== | ||
As of 2025, the app claims to have more than 1.6 million users, with recent numbers going up to 4.6 million as of July 27, 2025. | As of 2025, the app claims to have more than 1.6 million users, with recent numbers going up to 4.6 million as of July 27, 2025. Apps like ''Are We Dating The Same Guy?'' have a similar purpose.<ref>{{Cite web|url=https://apps.apple.com/us/app/are-we-dating-the-same-guy/id6459230401|title=Are We Dating The Same Guy? on the App Store|work=App Store|access-date=2025-07-30|archive-url=https://web.archive.org/web/20250726180711/https://apps.apple.com/us/app/are-we-dating-the-same-guy/id6459230401|archive-date=2025-07-26|url-status=live}}</ref> | ||
==Incidents== | ==Incidents== | ||
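Review bot: The sentence added at the end of the "Market control" paragraph ("Apps like ''Are We Dating The Same Guy?'' have a similar purpose") is cited only to the app's App Store listing. That listing shows the app exists, but it says nothing about market position or how the two apps compare. Either state what the shared purpose is and cite a source that makes the comparison, or move the mention to "See also", since the paragraph is otherwise about Tea's user counts.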
Line 29: | Line 29: | ||
===Public database leak (''2025'')=== | ===Public database leak (''2025'')=== | ||
[[File:Tea breach 4chan post.jpg|thumb|right|The original 4chan post advertising the leak]] | [[File:Tea breach 4chan post.jpg|thumb|right|The original 4chan post advertising the leak]] | ||
On July 25, 2025, a 4chan post detailed a Firebase database leak connected to the Tea app which included 72,000 images, 13,000 being selfies and state IDs with the remaining 59,000 being from direct messages and posts.<ref>{{Cite web|url=https://www.404media.co/women-dating-safety-app-tea-breached-users-ids-posted-to-4chan/|title=Women Dating Safety App 'Tea' Breached, Users' IDs Posted to 4chan|first1=Emanuel|last1=Maiberg|first2=Joseph|last2=Cox|date=2025-07-25|work=404 Media|access-date=2025-07-27|archive-url=https://web.archive.org/web/20250727101532/https://www.404media.co/women-dating-safety-app-tea-breached-users-ids-posted-to-4chan/|archive-date=2025-07-27|url-status=live}}</ref> It was alleged by the anonymous user the database contained no credential authentication.<ref>{{Cite web|url=https://decrypt.co/331961/tea-app-claimed-protect-women-exposes-72000-ids-epic-security-fail|title=Tea App That Claimed to Protect Women Exposes 72,000 IDs in Epic Security Fail|first=Jose|last=Lanz|date=2025-07-25|work=Decrypt|access-date=2025-07-27|archive-url=https://web.archive.org/web/20250727222442/https://decrypt.co/331961/tea-app-claimed-protect-women-exposes-72000-ids-epic-security-fail|archive-date=2025-07-27|url-status=live}}</ref> Due to the nature of the alleged unencrypted database, users from 4chan were able to use the leaked data to create a website called "TeaSpill" for others to choose one of two selfies based on looks.<ref>{{Cite web|url=https://www.reddit.com/r/ask/comments/1maag7d/is_teaspill_just_the_start/|title=Is teaspill just the start?|author=u/B_drgnthrn|date=2025-07-27|work=Reddit|access-date=2025-07-28|archive-url=https://archive.ph/jduIg|archive-date=2025-07-28|url-status=live}}</ref> Another website would be made on Google maps that paired user ID strings with their approximate location. 
| On July 25, 2025, a 4chan post detailed a Firebase database leak connected to the Tea app which included 72,000 images, 13,000 being selfies and state IDs with the remaining 59,000 being from direct messages and posts.<ref>{{Cite web|url=https://www.404media.co/women-dating-safety-app-tea-breached-users-ids-posted-to-4chan/|title=Women Dating Safety App 'Tea' Breached, Users' IDs Posted to 4chan|first1=Emanuel|last1=Maiberg|first2=Joseph|last2=Cox|date=2025-07-25|work=404 Media|access-date=2025-07-27|archive-url=https://web.archive.org/web/20250727101532/https://www.404media.co/women-dating-safety-app-tea-breached-users-ids-posted-to-4chan/|archive-date=2025-07-27|url-status=live}}</ref> It was alleged by the anonymous user the database contained no credential authentication.<ref>{{Cite web|url=https://decrypt.co/331961/tea-app-claimed-protect-women-exposes-72000-ids-epic-security-fail|title=Tea App That Claimed to Protect Women Exposes 72,000 IDs in Epic Security Fail|first=Jose|last=Lanz|date=2025-07-25|work=Decrypt|access-date=2025-07-27|archive-url=https://web.archive.org/web/20250727222442/https://decrypt.co/331961/tea-app-claimed-protect-women-exposes-72000-ids-epic-security-fail|archive-date=2025-07-27|url-status=live}}</ref> Due to the nature of the alleged unencrypted database, users from 4chan were able to use the leaked data to create a website called "TeaSpill" for others to choose one of two selfies based on looks.<ref>{{Cite web|url=https://www.reddit.com/r/ask/comments/1maag7d/is_teaspill_just_the_start/|title=Is teaspill just the start?|author=u/B_drgnthrn|date=2025-07-27|work=Reddit|access-date=2025-07-28|archive-url=https://archive.ph/jduIg|archive-date=2025-07-28|url-status=live}}</ref> Another website would be made on Google maps that paired user ID strings with their city's approximate location. | ||
<gallery> | <gallery> | ||
File:Tea Dating Advice Google Map.png|The Google Map data point cluster of some Tea users. | File:Tea Dating Advice Google Map.png|The Google Map data point cluster of some Tea users' cities. | ||
</gallery> | </gallery> | ||
On July 27, Tea made an official statement hidden on their website that stated no email addresses or phone numbers were breached and "only users who signed up before February 2024 were affected".<ref>{{Cite web|url=https://www.teaforwomen.com/cyberincident|title=Official Statement|work=Tea|access-date=2025-07-27|archive-url=https://web.archive.org/web/20250727215259/https://www.teaforwomen.com/cyberincident|archive-date=2025-07-27|url-status=live}}</ref> This questions the reliability of the privacy policy, as the verification photos were not deleted over a year after verifying the accounts, to which Tea claimed it was due to "cyber-bullying prevention". The email also claimed the requirement for ID images was removed at the end of 2023. | On July 27, Tea made an official statement hidden on their website that stated no email addresses or phone numbers were breached and "only users who signed up before February 2024 were affected".<ref>{{Cite web|url=https://www.teaforwomen.com/cyberincident|title=Official Statement|work=Tea|access-date=2025-07-27|archive-url=https://web.archive.org/web/20250727215259/https://www.teaforwomen.com/cyberincident|archive-date=2025-07-27|url-status=live}}</ref> This questions the reliability of the privacy policy, as the verification photos were not deleted over a year after verifying the accounts, to which Tea claimed it was due to "cyber-bullying prevention". The email also claimed the requirement for ID images was removed at the end of 2023. | ||
</br> | |||
The next day on July 28, it was reported by 404Media a second "major security issue" was discovered by Kasra Rahjerdi, an independent security researcher that included 1.1 million direct messages between users, with the messages spanning from 2023 to July 2025.<ref name="404-2">{{Cite web|url=https://www.404media.co/a-second-tea-breach-reveals-users-dms-about-abortions-and-cheating/|title=A Second Tea Breach Reveals Users’ DMs About Abortions and Cheating|first1=Emanuel|last1=Maiberg|first2=Joseph|last2=Cox|date=2025-07-28|work=404 Media|access-date=2025-07-28|archive-url=https://web.archive.org/web/20250728172154/https://www.404media.co/a-second-tea-breach-reveals-users-dms-about-abortions-and-cheating/|archive-date=2025-07-28|url-status=live}}</ref> The contents of some messages included abortion, sharing information about husbands, and phone numbers. | |||
</br> | |||
[[File:TeaOnHer App Store rating.jpg|thumb|right|A list of the top free apps on the American App Store in August 2025]] | |||
On July 29, the Tea app disabled direct messaging for all users as a result of the second data leak, stating "at this time, we have found no evidence of access to other parts of our environment".<ref name="404-3">{{Cite web|url=https://www.404media.co/tea-app-turns-off-dms-after-exposing-messages-about-abortions-cheating/|title=Tea App Turns Off DMs After Exposing Messages About Abortions, Cheating|first=Joseph|last=Cox|date=2025-07-29|work=404 Media|access-date=2025-07-30|archive-url=https://web.archive.org/web/20250729151012/https://www.404media.co/tea-app-turns-off-dms-after-exposing-messages-about-abortions-cheating/|archive-date=2025-07-29|url-status=live}}</ref> On the same day, a [[Class action|class action lawsuit]] was filed by the Cole & Van Note law firm.<ref name="404-4">{{Cite web|url=https://www.404media.co/tea-user-files-class-action-after-womens-safety-app-exposes-data/|title=Tea User Files Class Action After Women’s Safety App Exposes Data|first1=Emanuel|last1=Maiberg|first2=Joseph|last2=Cox|date=2025-07-29|work=404 Media|access-date=2025-07-30|archive-url=https://web.archive.org/web/20250729194612/https://www.404media.co/tea-user-files-class-action-after-womens-safety-app-exposes-data/|archive-date=2025-07-29|url-status=live}}</ref> The suit was based on the premise of "the people that went to this site thought they were going to be treated with their information would be treated with anonymity, and that trust was violated".<ref name="404-4" /> | |||
</br> | |||
In August, it was reported an app for men called "TeaOnHer" was leaking user data (IDs, email, usernames) in the same vein as Tea, with a publicly exposed API. <ref name="TC-TOH">{{Cite web|url=https://www.businessinsider.com/teaonher-anonymous-tea-app-rises-apple-store-faces-security-issues-2025-8|title=There's a new 'Tea' app going viral. This time, it's for men to post anonymously about women.|first=Sydney|last=Bradley|date=2025-08-05|work=Business Insider|access-date=2025-08-11|archive-url=https://web.archive.org/web/20250811140752/https://www.businessinsider.com/teaonher-anonymous-tea-app-rises-apple-store-faces-security-issues-2025-8|archive-date=2025-08-11|url-status=live}}</ref> A second vulnerability was in the form of the owner, Xavier Lampkin's exposed plaintext credentials.<ref name="TC-TOH" /> The app had a "guest" view option, with a majority of the posts being of nude women.<ref>{{Cite web|url=https://techcrunch.com/2025/08/06/a-rival-tea-app-for-men-is-leaking-its-users-personal-data-and-drivers-licenses/|title=TeaOnHer, a rival Tea app for men, is leaking users’ personal data and driver’s licenses|first1=Amanda|last1=Silberling|first2=Zack|last2=Whittaker|date=2025-08-06|work=TechCrunch|access-date=2025-08-11|archive-url=https://web.archive.org/web/20250811141340/https://techcrunch.com/2025/08/06/a-rival-tea-app-for-men-is-leaking-its-users-personal-data-and-drivers-licenses/|archive-date=2025-08-11|url-status=live}}</ref> | |||
==See also== | ==See also== |
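Review bot: In the added TeaOnHer paragraph the reference named "TC-TOH" wraps a Business Insider citation, while the TechCrunch citation at the end of the paragraph is unnamed. The exposed-API claim and the plaintext-credentials claim are both attributed through "TC-TOH", so confirm which article supports each claim and rename the ref to match its source. The new paragraphs are separated with `</br>`, which is a malformed tag. Use a blank line, or `<br />` if a hard break is intended. The class-action quote ("thought they were going to be treated with their information would be treated with anonymity") reads as garbled and should be checked against the cited 404 Media article. The "TeaOnHer App Store rating.jpg" thumbnail sits above the July 29 paragraph but belongs beside the August TeaOnHer paragraph. There is also a stray space before `<ref name="TC-TOH">`.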