The dating app Tea said it has disabled its direct messaging feature after more than one million private messages were leaked on several hacker forums – this is after hackers gained access to a database of over 72,000 images this past weekend.
The dating advice website, which markets itself as “a secure, anonymous platform” for over 4,647,000 women to identify catfishes and run criminal background checks on potential dates, posted an update about the cyber incident on its website and Instagram account on Tuesday.
The initial Tea breach was discovered at 6:44 a.m. on July 25th after the company said it had "identified unauthorized access" to one of its “legacy data storage systems," exposing a dataset from prior to February 2024."
“This dataset includes approximately 72,000 images, including approximately 13,000 selfies and photo identification submitted by users during account verification and approximately 59,000 images publicly viewable in the app from posts, comments, and direct messages,” it said.
"No email addresses or phone numbers were accessed. Only users who signed up before February 2024 were affected," the dating safety advocates said.
According to 404 Media, users from 4chan claim to have discovered an exposed database hosted on Firebase that belongs to Tea.
On Monday, 404 media revealed new information about a second leak that has exposed “much more” Tea user data than initially believed.
An independent security researcher told the media outlet that it discovered “it was possible for hackers to access messages between users discussing abortions, cheating partners, and phone numbers they sent to one another.“
The news is a big blow to the women-focused company, which has been trying to contain the fallout, launching a full investigation with the help of outside cybersecurity experts and the FBI.
“We have recently learned that some direct messages (DMs) were accessed as part of the initial incident. Out of an abundance of caution, we have taken the affected system offline,” the company's "teapartygirls" wrote in a three-part post on Instagram on Tuesday.
"At this time, we have found no evidence of access to other parts of our environment," they said, promising to “keep users informed as quickly as possible.
"Please know that our team remains fully engaged in strengthening the Tea App's security," they said.
Committing to strengthening the app's security, Tea said it is currently “working to identify any users whose personal information was involved and will be offering free identity protection services to those individuals.”
While we acknowledge the seriousness of the incident, Tea said it realizes the app is needed now, more than ever, noting the company’s mission to “empower, support, and amplify the voices of women navigating the modern dating world.”
Your email address will not be published. Required fields are markedmarked