Tea Dating Advice: Difference between revisions
No edit summary |
mNo edit summary |
||
| (2 intermediate revisions by 2 users not shown) | |||
| Line 22: | Line 22: | ||
====Market control==== | ====Market control==== | ||
As of 2025, the app claims to have more than 1.6 users, with recent numbers going up to 4.6 million as of July 27, 2025. | As of 2025, the app claims to have more than 1.6 million users, with recent numbers going up to 4.6 million as of July 27, 2025. | ||
==Incidents== | ==Incidents== | ||
| Line 29: | Line 29: | ||
===Public database leak (''2025'')=== | ===Public database leak (''2025'')=== | ||
[[File:Tea breach 4chan post.jpg|thumb|right|The original 4chan post advertising the leak]] | [[File:Tea breach 4chan post.jpg|thumb|right|The original 4chan post advertising the leak]] | ||
On July 25, 2025, a 4chan post detailed a Firebase database leak connected to the Tea app which included 72,000 images, 13,000 being selfies and state IDs with the remaining 59,000 being from direct messages and posts.<ref>{{Cite web|url=https://www.404media.co/women-dating-safety-app-tea-breached-users-ids-posted-to-4chan/|title=Women Dating Safety App 'Tea' Breached, Users' IDs Posted to 4chan|first1=Emanuel|last1=Maiberg|first2=Joseph|last2=Cox|date=2025-07-25|work=404 Media|access-date=2025-07-27|archive-url=https://web.archive.org/web/20250727101532/https://www.404media.co/women-dating-safety-app-tea-breached-users-ids-posted-to-4chan/|archive-date=2025-07-27|url-status=live}}</ref> It was alleged by the anonymous user the database contained no credential authentication.<ref>{{Cite web|url=https://decrypt.co/331961/tea-app-claimed-protect-women-exposes-72000-ids-epic-security-fail|title=Tea App That Claimed to Protect Women Exposes 72,000 IDs in Epic Security Fail|first=Jose|last=Lanz|date=2025-07-25|work=Decrypt|access-date=2025-07-27|archive-url=https://web.archive.org/web/20250727222442/https://decrypt.co/331961/tea-app-claimed-protect-women-exposes-72000-ids-epic-security-fail|archive-date=2025-07-27|url-status=live}}</ref> | On July 25, 2025, a 4chan post detailed a Firebase database leak connected to the Tea app which included 72,000 images, 13,000 being selfies and state IDs with the remaining 59,000 being from direct messages and posts.<ref>{{Cite web|url=https://www.404media.co/women-dating-safety-app-tea-breached-users-ids-posted-to-4chan/|title=Women Dating Safety App 'Tea' Breached, Users' IDs Posted to 4chan|first1=Emanuel|last1=Maiberg|first2=Joseph|last2=Cox|date=2025-07-25|work=404 Media|access-date=2025-07-27|archive-url=https://web.archive.org/web/20250727101532/https://www.404media.co/women-dating-safety-app-tea-breached-users-ids-posted-to-4chan/|archive-date=2025-07-27|url-status=live}}</ref> It was alleged by the anonymous user the database contained no credential authentication.<ref>{{Cite web|url=https://decrypt.co/331961/tea-app-claimed-protect-women-exposes-72000-ids-epic-security-fail|title=Tea App That Claimed to Protect Women Exposes 72,000 IDs in Epic Security Fail|first=Jose|last=Lanz|date=2025-07-25|work=Decrypt|access-date=2025-07-27|archive-url=https://web.archive.org/web/20250727222442/https://decrypt.co/331961/tea-app-claimed-protect-women-exposes-72000-ids-epic-security-fail|archive-date=2025-07-27|url-status=live}}</ref> Due to the nature of the alleged unencrypted database, users from 4chan were able to use the leaked data to create a website called "TeaSpill" for others to choose one of two selfies based on looks.<ref>{{Cite web|url=https://www.reddit.com/r/ask/comments/1maag7d/is_teaspill_just_the_start/|title=Is teaspill just the start?|author=u/B_drgnthrn|date=2025-07-27|work=Reddit|access-date=2025-07-28|archive-url=https://archive.ph/jduIg|archive-date=2025-07-28|url-status=live}}</ref> Another website would be made on Google maps that paired user ID strings with their city's approximate location. | ||
<gallery> | |||
On July 27, Tea made an official statement hidden on their website that stated no email addresses or phone numbers were breached and "only users who signed up before February 2024 were affected".<ref>{{Cite web|url=https://www.teaforwomen.com/cyberincident|title=Official Statement|work=Tea|access-date=2025-07-27|archive-url=https://web.archive.org/web/20250727215259/https://www.teaforwomen.com/cyberincident|archive-date=2025-07-27|url-status=live}}</ref> This questions the reliability of the privacy policy, as the verification photos were not deleted over a year after verifying the accounts, to which Tea claimed it was due to "cyber-bullying prevention". The email also claimed the requirement for ID images was removed at the end of 2023. | File:Tea Dating Advice Google Map.png|The Google Map data point cluster of some Tea users' cities. | ||
</gallery> | |||
On July 27, Tea made an official statement hidden on their website that stated no email addresses or phone numbers were breached and "only users who signed up before February 2024 were affected".<ref>{{Cite web|url=https://www.teaforwomen.com/cyberincident|title=Official Statement|work=Tea|access-date=2025-07-27|archive-url=https://web.archive.org/web/20250727215259/https://www.teaforwomen.com/cyberincident|archive-date=2025-07-27|url-status=live}}</ref> This questions the reliability of the privacy policy, as the verification photos were not deleted over a year after verifying the accounts, to which Tea claimed it was due to "cyber-bullying prevention". The email also claimed the requirement for ID images was removed at the end of 2023. | |||
==See also== | ==See also== | ||