Tea Dating Advice: Difference between revisions

(2 intermediate revisions by the same user not shown)

Line 29:

===Public database leak (''2025'')===

[[File:Tea breach 4chan post.jpg|thumb|right|The original 4chan post advertising the leak]]

On July 25, 2025, a 4chan post detailed a Firebase database leak connected to the Tea app which included 72,000 images, 13,000 being selfies and state IDs with the remaining 59,000 being from direct messages and posts.<ref>{{Cite web|url=https://www.404media.co/women-dating-safety-app-tea-breached-users-ids-posted-to-4chan/|title=Women Dating Safety App 'Tea' Breached, Users' IDs Posted to 4chan|first1=Emanuel|last1=Maiberg|first2=Joseph|last2=Cox|date=2025-07-25|work=404 Media|access-date=2025-07-27|archive-url=https://web.archive.org/web/20250727101532/https://www.404media.co/women-dating-safety-app-tea-breached-users-ids-posted-to-4chan/|archive-date=2025-07-27|url-status=live}}</ref> It was alleged by the anonymous user the database contained no credential authentication.<ref>{{Cite web|url=https://decrypt.co/331961/tea-app-claimed-protect-women-exposes-72000-ids-epic-security-fail|title=Tea App That Claimed to Protect Women Exposes 72,000 IDs in Epic Security Fail|first=Jose|last=Lanz|date=2025-07-25|work=Decrypt|access-date=2025-07-27|archive-url=https://web.archive.org/web/20250727222442/https://decrypt.co/331961/tea-app-claimed-protect-women-exposes-72000-ids-epic-security-fail|archive-date=2025-07-27|url-status=live}}</ref> Due to the nature of the alleged unencrypted database, users from 4chan were able to use the leaked data to create a website called "TeaSpill" for others to choose one of two selfies based on looks.<ref>{{Cite web|url=https://www.reddit.com/r/ask/comments/1maag7d/is_teaspill_just_the_start/|title=Is teaspill just the start?|author=u/B_drgnthrn|date=2025-07-27|work=Reddit|access-date=2025-07-28|archive-url=https://archive.ph/jduIg|archive-date=2025-07-28|url-status=live}}</ref> Another website would be made on Google maps that paired user ID strings with their approximate location.

On July 25, 2025, a 4chan post detailed a Firebase database leak connected to the Tea app which included 72,000 images, 13,000 being selfies and state IDs with the remaining 59,000 being from direct messages and posts.<ref>{{Cite web|url=https://www.404media.co/women-dating-safety-app-tea-breached-users-ids-posted-to-4chan/|title=Women Dating Safety App 'Tea' Breached, Users' IDs Posted to 4chan|first1=Emanuel|last1=Maiberg|first2=Joseph|last2=Cox|date=2025-07-25|work=404 Media|access-date=2025-07-27|archive-url=https://web.archive.org/web/20250727101532/https://www.404media.co/women-dating-safety-app-tea-breached-users-ids-posted-to-4chan/|archive-date=2025-07-27|url-status=live}}</ref> It was alleged by the anonymous user the database contained no credential authentication.<ref>{{Cite web|url=https://decrypt.co/331961/tea-app-claimed-protect-women-exposes-72000-ids-epic-security-fail|title=Tea App That Claimed to Protect Women Exposes 72,000 IDs in Epic Security Fail|first=Jose|last=Lanz|date=2025-07-25|work=Decrypt|access-date=2025-07-27|archive-url=https://web.archive.org/web/20250727222442/https://decrypt.co/331961/tea-app-claimed-protect-women-exposes-72000-ids-epic-security-fail|archive-date=2025-07-27|url-status=live}}</ref> Due to the nature of the alleged unencrypted database, users from 4chan were able to use the leaked data to create a website called "TeaSpill" for others to choose one of two selfies based on looks.<ref>{{Cite web|url=https://www.reddit.com/r/ask/comments/1maag7d/is_teaspill_just_the_start/|title=Is teaspill just the start?|author=u/B_drgnthrn|date=2025-07-27|work=Reddit|access-date=2025-07-28|archive-url=https://archive.ph/jduIg|archive-date=2025-07-28|url-status=live}}</ref> Another website would be made on Google maps that paired user ID strings with their city's approximate location.

File:Tea Dating Advice Google Map.png|The Google Map data point cluster of some Tea users.

File:Tea Dating Advice Google Map.png|The Google Map data point cluster of some Tea users' cities.

</gallery>

On July 27, Tea made an official statement hidden on their website that stated no email addresses or phone numbers were breached and "only users who signed up before February 2024 were affected".<ref>{{Cite web|url=https://www.teaforwomen.com/cyberincident|title=Official Statement|work=Tea|access-date=2025-07-27|archive-url=https://web.archive.org/web/20250727215259/https://www.teaforwomen.com/cyberincident|archive-date=2025-07-27|url-status=live}}</ref> This questions the reliability of the privacy policy, as the verification photos were not deleted over a year after verifying the accounts, to which Tea claimed it was due to "cyber-bullying prevention". The email also claimed the requirement for ID images was removed at the end of 2023.

</br>The next day on July 28, it was reported by 404Media a second "major security issue" was discovered by Kasra Rahjerdi, an independent security researcher that included 1.1 million direct messages between users, with the messages spanning from 2023 to July 2025.<ref name="404-2">{{Cite web|url=https://www.404media.co/a-second-tea-breach-reveals-users-dms-about-abortions-and-cheating/|title=A Second Tea Breach Reveals Users’ DMs About Abortions and Cheating|first1=Emanuel|last1=Maiberg|first2=Joseph|last2=Cox|date=2025-07-28|work=404 Media|access-date=2025-07-28|archive-url=https://web.archive.org/web/20250728172154/https://www.404media.co/a-second-tea-breach-reveals-users-dms-about-abortions-and-cheating/|archive-date=2025-07-28|url-status=live}}</ref> The contents of some messages included abortion, sharing information about husbands, and phone numbers.

==See also==

@@ Line 29: / Line 29: @@
 ===Public database leak (''2025'')===
 [[File:Tea breach 4chan post.jpg|thumb|right|The original 4chan post advertising the leak]]
-On July 25, 2025, a 4chan post detailed a Firebase database leak connected to the Tea app which included 72,000 images, 13,000 being selfies and state IDs with the remaining 59,000 being from direct messages and posts.<ref>{{Cite web|url=https://www.404media.co/women-dating-safety-app-tea-breached-users-ids-posted-to-4chan/|title=Women Dating Safety App 'Tea' Breached, Users' IDs Posted to 4chan|first1=Emanuel|last1=Maiberg|first2=Joseph|last2=Cox|date=2025-07-25|work=404 Media|access-date=2025-07-27|archive-url=https://web.archive.org/web/20250727101532/https://www.404media.co/women-dating-safety-app-tea-breached-users-ids-posted-to-4chan/|archive-date=2025-07-27|url-status=live}}</ref> It was alleged by the anonymous user the database contained no credential authentication.<ref>{{Cite web|url=https://decrypt.co/331961/tea-app-claimed-protect-women-exposes-72000-ids-epic-security-fail|title=Tea App That Claimed to Protect Women Exposes 72,000 IDs in Epic Security Fail|first=Jose|last=Lanz|date=2025-07-25|work=Decrypt|access-date=2025-07-27|archive-url=https://web.archive.org/web/20250727222442/https://decrypt.co/331961/tea-app-claimed-protect-women-exposes-72000-ids-epic-security-fail|archive-date=2025-07-27|url-status=live}}</ref> Due to the nature of the alleged unencrypted database, users from 4chan were able to use the leaked data to create a website called "TeaSpill" for others to choose one of two selfies based on looks.<ref>{{Cite web|url=https://www.reddit.com/r/ask/comments/1maag7d/is_teaspill_just_the_start/|title=Is teaspill just the start?|author=u/B_drgnthrn|date=2025-07-27|work=Reddit|access-date=2025-07-28|archive-url=https://archive.ph/jduIg|archive-date=2025-07-28|url-status=live}}</ref> Another website would be made on Google maps that paired user ID strings with their approximate location.
+On July 25, 2025, a 4chan post detailed a Firebase database leak connected to the Tea app which included 72,000 images, 13,000 being selfies and state IDs with the remaining 59,000 being from direct messages and posts.<ref>{{Cite web|url=https://www.404media.co/women-dating-safety-app-tea-breached-users-ids-posted-to-4chan/|title=Women Dating Safety App 'Tea' Breached, Users' IDs Posted to 4chan|first1=Emanuel|last1=Maiberg|first2=Joseph|last2=Cox|date=2025-07-25|work=404 Media|access-date=2025-07-27|archive-url=https://web.archive.org/web/20250727101532/https://www.404media.co/women-dating-safety-app-tea-breached-users-ids-posted-to-4chan/|archive-date=2025-07-27|url-status=live}}</ref> It was alleged by the anonymous user the database contained no credential authentication.<ref>{{Cite web|url=https://decrypt.co/331961/tea-app-claimed-protect-women-exposes-72000-ids-epic-security-fail|title=Tea App That Claimed to Protect Women Exposes 72,000 IDs in Epic Security Fail|first=Jose|last=Lanz|date=2025-07-25|work=Decrypt|access-date=2025-07-27|archive-url=https://web.archive.org/web/20250727222442/https://decrypt.co/331961/tea-app-claimed-protect-women-exposes-72000-ids-epic-security-fail|archive-date=2025-07-27|url-status=live}}</ref> Due to the nature of the alleged unencrypted database, users from 4chan were able to use the leaked data to create a website called "TeaSpill" for others to choose one of two selfies based on looks.<ref>{{Cite web|url=https://www.reddit.com/r/ask/comments/1maag7d/is_teaspill_just_the_start/|title=Is teaspill just the start?|author=u/B_drgnthrn|date=2025-07-27|work=Reddit|access-date=2025-07-28|archive-url=https://archive.ph/jduIg|archive-date=2025-07-28|url-status=live}}</ref> Another website would be made on Google maps that paired user ID strings with their city's approximate location.
 <gallery>
-File:Tea Dating Advice Google Map.png|The Google Map data point cluster of some Tea users.
+File:Tea Dating Advice Google Map.png|The Google Map data point cluster of some Tea users' cities.
 </gallery>
 On July 27, Tea made an official statement hidden on their website that stated no email addresses or phone numbers were breached and "only users who signed up before February 2024 were affected".<ref>{{Cite web|url=https://www.teaforwomen.com/cyberincident|title=Official Statement|work=Tea|access-date=2025-07-27|archive-url=https://web.archive.org/web/20250727215259/https://www.teaforwomen.com/cyberincident|archive-date=2025-07-27|url-status=live}}</ref> This questions the reliability of the privacy policy, as the verification photos were not deleted over a year after verifying the accounts, to which Tea claimed it was due to "cyber-bullying prevention". The email also claimed the requirement for ID images was removed at the end of 2023.
+</br>The next day on July 28, it was reported by 404Media a second "major security issue" was discovered by Kasra Rahjerdi, an independent security researcher that included 1.1 million direct messages between users, with the messages spanning from 2023 to July 2025.<ref name="404-2">{{Cite web|url=https://www.404media.co/a-second-tea-breach-reveals-users-dms-about-abortions-and-cheating/|title=A Second Tea Breach Reveals Users’ DMs About Abortions and Cheating|first1=Emanuel|last1=Maiberg|first2=Joseph|last2=Cox|date=2025-07-28|work=404 Media|access-date=2025-07-28|archive-url=https://web.archive.org/web/20250728172154/https://www.404media.co/a-second-tea-breach-reveals-users-dms-about-abortions-and-cheating/|archive-date=2025-07-28|url-status=live}}</ref> The contents of some messages included abortion, sharing information about husbands, and phone numbers.
 ==See also==