The women's dating safety app Tea is facing backlash after a major data breach. Over 72,000 user photos were exposed, raising serious questions about user privacy and the potential misuse of biometric information.
Tea has verified that the hack involved about 13,000 selfies and government IDs employed for authentication. Another 59,000 images from comments, DMs, and posts were also hacked. These were publicly accessible within the app but are now verified to have been scraped and hosted in an unauthorized setting.
The app's primary user base, women seeking to screen men anonymously, makes this vulnerability especially risky. Rachel Tobac, CEO and co-founder of SocialProof Security, told CNN that a selfie, “by itself is seemingly innocuous,” could be combined with other information to break into bank accounts or facilitate impersonation.
A spokesperson from the Tea app stated that only users who signed up before February 2024 were affected. They clarified that no phone numbers or email addresses were leaked. Since then, the company has engaged third-party cybersecurity professionals and indicates that all of the compromised information is now protected.
As opposed to passwords, IDs, and selfies, they can't be altered. XSOC Corp's Richard Blech pointed out this deficiency, "There's going to be action on that stolen information. There's no question about it." Experts say that sites handling sensitive user information need to have much greater protections in place by default.
The Tea app’s data breach is a stark reminder of the risks associated with using platforms that process personal and biometric information, especially ones that claim to enhance security. Tea is moving quickly to improve its cybersecurity capabilities, but damage to user trust may be hard to recover.
Also Read: Ransomware Gang Leaks Tata Technologies' Data on Dark Web: Cybersecurity Alert!