When private becomes public…

Whatever your opinion of the Tea app, the breach of its security has serious implications for its users. This is an ongoing story that keeps getting worse as more details emerge about exactly what was stolen.

Tea app leak worsens with second database exposing user chats

What is the Tea app?

I’ll quote Lawrence Abrams here: “The Tea app is a women-only dating safety platform where members can share reviews about men, with access to the platform only granted after providing a selfie and government ID verification”.

Two things are obvious from that description: the site holds a lot of sensitive information, and there are possibly people out there with a grudge against the site, some of whom probably have the skills, the contacts, or both to orchestrate an attack against the site’s cyber security.

But we delete identification images…

Tea had said it was deleting images uploaded for identification purposes. However, this has proven not to be true for users registered before 2024, as thousands of sensitive images have been stolen from a legacy database.

Over 59GB of data has been stolen, and much of it is now being shared or is available in public forums. BleepingComputer’s investigations of the exposed data confirm it contains “driver’s licenses, selfies, and message attachments”.

Your takeaway

Apart from the obvious – delete data if you say you are going to – legacy systems, which are often forgotten about, are a cyber security risk.

Have you thought about an audit to check on your cyber security readiness?

Clive Catton MSc (Cyber Security) – by-line and other articles
