Earlier, the women-only dating application Tea suffered a data breach, during which a 4Chan user accessed 72,000 images from its servers, including 13,000 selfies and identification document photos. Tea disclosed that user accounts registered before February 2024 were affected by the breach.
Unexpectedly, the app’s security infrastructure proved alarmingly fragile. Security researchers have now uncovered a further breach, exposing over one million pieces of sensitive user data, including discussions related to abortion, infidelity, and the sharing of personal contact information.
To briefly introduce the app: Tea permits registration exclusively by women, requiring ID verification through submitted documents and selfies. Its primary function is to facilitate discussions about dating partners, including the sharing of their photos or contact details for others to potentially initiate dates.
As such, the newly exposed private messages contain a trove of intimate content: users' photos, personal contact details, and numerous confidential conversations. These include social media accounts, real names, and phone numbers, rendering identity tracing trivially easy for bad actors.
Alarmingly, researchers also discovered a vulnerability within Tea’s push notification management system. Exploiting this flaw, they could broadcast messages en masse to all users, an opening for attackers to distribute phishing scams, lure victims to fraudulent websites, or impersonate potential romantic partners in so-called “pig-butchering” schemes.
It's worth emphasizing that both the image database leaked by 4Chan and the private message archive uncovered by researchers were inadvertently exposed online by Tea itself due to flawed security configurations. This means that the data may have already been harvested by malicious actors long before these incidents came to light.
This is tantamount to having your every conversation on a messaging platform silently surveilled by outsiders. What you believe to be private is, in reality, publicly accessible, serving as a stark warning to never place blind trust in the security of such platforms, including other messaging tools.