Users are suing the Tea Dating Advice app over a data breach that leaked 72,000 images and other personally identifiable information (PII).
Two people have come forward and are suing the male vetting dating app, Tea, over a data breach that exposed tens of thousands of images and other PII.
Plaintiff Griselda Reyes has brought the lawsuit against Tea after the dating app failed “to properly secure and safeguard…personally identifiable information stored within (Tea’s) information network.”
The lawsuit, found by 404 Media, which first reported the breach, states that the PII involved includes personal images of users and photo identification documents.
The dataset reportedly includes roughly 72,000 images, including roughly 13,000 selfies and photo IDs, 59,000 images that are publicly accessible on the app, comments, and direct messages.
Reyes' lawyers allege that her personal information was accessed during the breach, which has caused damage and “increased risk of fraud and identity theft.”
Tea is an anonymous female-only dating app that allows women to share and search for information on men anonymously.
Tea supposedly said that at the beginning of the app's development, the company “required selfies and IDs as an added layer of safety to ensure that only women were signing up for the app,” the lawsuit reads.
However, the lawsuit also claims that the company “promised users that the images would be deleted,” which later turned out to be untrue.
Following Tea’s requests, users posted selfies and submitted photo IDs to the app, which, instead of deleting, the app stored “on an unsecured Firebase storage bucket, which was accessed by an unauthorized individual and posted on the infamous 4chan message board.”
Later, another 4chan post appeared that claimed to have located 1.1 million leaked messages sent between users on the Tea platform, the lawsuit claims.
While the app prides itself on anonymity, the lawsuit claims that “the leaks allow anyone to identify users based on social media profiles, phone numbers, or other personal details revealed in the messages.”
Tea, “instead of empowering women, has actually put them at serious risk of harm,” the lawsuit states.
The second lawsuit was brought forward by an anonymous Jane Doe, who claims that she wanted to alert Tea users to a man who sexually assaulted at least two other women, Business Insider reports.
Spill the Tea: the real problem with this breach
There are many problems with a breach of this magnitude. The personally identifiable information exposed, like selfies and photo IDs, could lead to identity theft or fraud.
Furthermore, the sensitive nature of this app, which allows women to leave “reviews” on men they’ve dated, could open these users up to harassment, stalking, or worse.
In particular, the leak of sensitive private messages could identify dangerous men and the women who have reported them.
If what the lawsuit alleges is true, that “the leaks allow anyone to identify users based on social media profiles, phone numbers, or other personal details revealed in the messages,” then these women could be vulnerable to cyberstalking or physical stalking, especially if they’ve revealed information about specific men on the app.
Cybernews previously reported that an independent security researcher told 404 Media that it discovered “it was possible for hackers to access messages between users discussing abortions, cheating partners, and phone numbers they sent to one another.“
Tea is a US-based app – therefore, this information is particularly sensitive given the current climate in the country regarding abortion.
Your email address will not be published. Required fields are markedmarked