The New Tea App Breach Exposes 72,000 Selfies, ID Photos and Other User Images
According to Tea’s preliminary findings, the breach allowed access to approximately 72,000 images, broken down into two groups: 13,000 images of selfies and photo identification that people had submitted during account verification and 59,000 images that were publicly viewable in the app from posts, comments and direct messages.
The subject of a major security breach. The company confirmed Friday that it has “identified authorized access to one of our systems” that exposed thousands of user images.
The images had been in a “legacy data system” that contained information from more than two years ago, the company says.
Earlier on Friday, posts on Reddit and 404 Media reported that Tea app users’ faces and IDs had been posted on anonymous online messageboard 4chan.
Tea requires users to verify their identities with selfies or IDs, which is why driver’s licenses and pictures of people’s faces are in the leaked data.
The premise of Tea is to provide women with a space to report negative interactions they’ve had while encountering men in the dating pool, purportedly to keep other women safe.
The app hit the No. 1 spot on Apple’s US App Store this week, drawing international attention and sparking a debate about whether the app violates men’s privacy.
If the reports of a breach turn out to be true, it will also play into the wider ongoing debate around whether online identity and age verification pose an inherent security risk to internet users.
