Source URL: https://yro.slashdot.org/story/25/07/25/1934249/women-dating-safety-app-tea-breached-users-ids-posted-to-4chan?utm_source=rss1.0mainlinkanon&utm_medium=feed
Source: Slashdot
Title: Women Dating Safety App ‘Tea’ Breached, Users’ IDs Posted To 4chan
**Summary:** The text describes a significant data breach involving the Tea app, which has exposed sensitive user data, including selfies and driver’s licenses, leading to privacy concerns and regulatory implications. This incident highlights the vulnerabilities associated with mobile app security on cloud platforms and raises critical questions about user privacy and data protection practices.
**Detailed Description:** The incident involving the Tea app represents a serious breach of user privacy and data security, highlighting multiple pressing issues relevant to professionals in the fields of security, cloud computing, and compliance. Key points include:
– **Nature of the Breach**: Users on 4chan have reported finding an exposed database hosted on Firebase, which contained personal data belonging to users of the Tea app, including selfies and driver’s license images.
– **Response from Tea**: The app developer confirmed that the breach affected some direct messages and said it had believed the compromised data was from two years ago. It states that it is investigating the incident and has engaged third-party cybersecurity experts.
– **User Data Compromise**:
  – Over 72,000 images were affected, including:
    – 13,000 selfies and ID photos.
    – 59,000 images from app posts and messages.
  – The exposed database lacked adequate authentication measures, which allowed unrestricted access to sensitive user materials, resulting in public doxxing.
– **Contentious User Verification**: The app used selfie and ID verification to onboard users, contributing to the sensitive nature of the exposed data. This reliance on personal images raises pertinent questions about compliance with data protection regulations.
– **Implications for Security Practices**:
  – Highlights the importance of robust data security measures in the cloud-based app environment, where misconfigurations can lead to severe breaches.
  – Indicates the necessity for all applications, particularly those handling personal and sensitive information, to implement strong access controls and authentication measures.
– **Regulatory and Compliance Considerations**: Given that personal data was involved, the incident may invoke regulatory scrutiny under privacy laws (e.g., GDPR, CCPA), which emphasize the protection of user data, and could lead to penalties if the developer is found non-compliant.
– **Current Action by Tea**: As part of their mitigation strategy, the app developer mentioned steps being taken to secure the platform and reassess their compliance with data protection standards, indicating their prioritization of user data privacy moving forward.
This incident serves as a vital case study for security professionals, reinforcing the need for ongoing vigilance and adherence to best practices in cloud security and user data protection.