


A Second Tea Breach Reveals Users' DMs About Abortions and Cheating (404media.co)
A second, far more recent data breach at women's dating safety app Tea has exposed over a million sensitive user messages -- including discussions about abortions, infidelity, and shared contact info. This vulnerability not only compromised private conversations but also made it easy to unmask anonymous users. 404 Media reports: Despite Tea's initial statement that "the incident involved a legacy data storage system containing information from over two years ago," the second issue impacting a separate database is much more recent, affecting messages up until last week, according to the researcher's findings that 404 Media verified. The researcher said they also found the ability to send a push notification to all of Tea's users.
It's hard to overstate how sensitive this data is and how it could put Tea's users at risk if it fell into the wrong hands. When signing up, Tea encourages users to choose an anonymous screenname, but it was trivial for 404 Media to find the real world identities of some users given the nature of their messages, which Tea has led them to believe were private. Users could be easily found via their social media handles, phone numbers, and real names that they shared in these chats. These conversations also frequently make damning accusations against people who are also named in the private messages and in some cases are easy to identify. It is unclear who else may have discovered the security issue and downloaded any data from the more recent database. Members of 4chan found the first exposed database last week and made tens of thousands of images of Tea users available for download. Tea told 404 Media it has contacted law enforcement. [...]
This new data exposure is due to any Tea user being able to use their own API key to access a more recent database of user data, Rahjerdi said. The researcher says that this issue existed until late last week. That exposure included a mass of Tea users' private messages. In some cases, the women exchange phone numbers so they can continue the conversation off platform. The first breach was due to an exposed instance of app development platform Firebase, and impacted tens of thousands of selfie and driver license images. At the time, Tea said in a statement "there is no evidence to suggest that current or additional user data was affected." The second database includes a data field called "sent_at," with many of those messages being marked as recent as last week.
Re: (Score:1)
I am starting to wonder if this app is actually a trap.
It was designed to give women a place to post hurtful content about men, with images and impunity. And, in fact, it just keeps revealing their dirty laundry to the world.
Smart money is on avoiding this app, and anything else created by the same people.
The world is over-populated by stupid people (Score:2, Troll)
Re: (Score:1)
Texas disagrees. And given their bounty program, it's not just the women who have to worry. Healthcare providers will be at risk.
Re:The world is over-populated by stupid people (Score:4)
Texas disagrees.
See subject. :-) Slamming TX representative, more than its citizens as apparently 78% of Texas voters think abortion should be allowed in some form, UT poll shows [texastribune.org] - meaning their representatives pass these things against citizens' wishes. On the other hand, the people keep voting for them, probably for other reasons, so that's on them.
But, more seriously, ...
And given their bounty program, it's not just the women who have to worry. Healthcare providers will be at risk.
Agreed.
Re: (Score:3)
On the other hand, the people keep voting for them, probably for other reasons
Probably so. Many people are single issue voters. Happy to hold their noses and vote for some turd as long as he defends what they value. "The loyal opposition" knows what these issues are, but refuses to keep clear of the third rail. So they are holding a lot of sensible legislation hostage in order to promote the loony fringe agenda. Time to drag the loonies out into the desert, duct tape them to a cactus and leave them for the scorpions.
Pro-Abortion (Score:1)
Some solid arguments:
1. The law can't prevent the actual activity, only make it more dangerous.
2. Death of fetuses occurs in nature.
3. Many who live, should have been aborted.
4. Too many kids is a poverty trap.
5. People who accidentally reproduce with morons need to correct this.
6. The enforcement of anti-bort laws is worse than abortion.
I acknowledge that abortion is unjust killing, per the Christians, but I think this is secondary. Banning abortion is worse than allowing it.
Re: (Score:1)
I acknowledge that abortion is unjust killing, per the Christians, but I think this is secondary. Banning abortion is worse than allowing it.
Biblically, you are wrong. Over and over, the Bible defines life as beginning with breath.
Re: (Score:2)
And gives instructions for how to perform an abortion.
I suspect the anti-abortion Christians just want pregnancy to be a punishment for having sex.
Re: (Score:2)
2. Death of fetuses occurs in nature.
Apparently about 80% in humans. Hence by the deranged "arguments" of the theist fuckups, having sex with the result of pregnancy is an 80% probability murder. The only moral thing would hence be to totally outlaw sex and punish it as attempted murder.
But that would require rational thought. Something these people do not have.
Re: (Score:2)
There are more than two sides (Score:2)
Abortion should be the default position. It is the responsibility of potential parents to make their case for life.
Of the two extremes, prohibited abortion and mandatory abortion, I stand in the middle. That nobody should be forced to have a child, and that it should be a collective rational decision.
I suppose one could move even closer to the pro-life side by arguing that nobody should be forced to receive an abortion. AND also maximize individual liberty by saying nobody should be forced into either way,
Re: (Score:1)
Re: There are more than two sides (Score:3)
Re: (Score:2)
Put everyone in prison, it's the perfect system.
Re: The world is over-populated by stupid people (Score:1)
Non-Logging Polices (Score:3)
Re: (Score:3, Informative)
This is a great example of why one shouldn't consider anything put on the Internet anywhere to truly be secure.
It's also a great example of not trusting those who set up platforms. Just because they have ideas doesn't mean that they know how to properly develop those ideas.
Re:Non-Logging Polices (Score:4, Insightful)
You don't always have a choice.
In order to function in society at some point you have to give some personal information to someone: Your government, your bank, your insurance, your doctor.
And they eventually put this information on the Internet.
Re: Non-Logging Polices (Score:2)
Re: (Score:2)
Your government, bank, insurance, physician, all of these have quite extensive laws regarding the security of your information.
Giving your personal information to a random dude on the Internet (and yes, it's a random dude)? A random dude on the Internet who's encouraging you to gossip?
Re: (Score:2)
Maybe the bigger question is why is the random dude on the internet not covered by extensive laws regarding the security of other people's information.
Re: Non-Logging Polices (Score:2)
If they used AI would you be blaming the AI even though it happened anyway?
Re: (Score:1)
This is a great example of why one shouldn't consider anything put on the Internet anywhere to truly be secure.
I understand your point, but in some cases you can put encrypted things on the internet. I would go so far as to say that in some cases, you should put encrypted things on the internet so they are less likely to get lost.
A trivial example is if I have a huge treasure-trove of sensitive data stored on an isolated computer but I need to get it to a hostile country where I'll be searched in customs, I can encrypt it, split it into a bunch of pieces, embed those pieces in innocuous data using steganography, th
Re: (Score:2)
Re: (Score:2)
We may need a personal data deletion law of some kind. Say 5 years? That allows enough time for illegal activity to still be available for legit law enforcement purposes. It should allow for anonymized data to be retained though I guess.
Re: (Score:2)
Now imagine the business owner being dumb enough to actually announce to the world that she'd been supplying the markers.
I'm imagining nobody caring?
Except the guy without a marker, who might go into the gas station and ask for one for free, instead of buying one. He thinks she's really great! So great that he also bought a beer. She's craftier than you imagined.
Re:If "Tea" was really a "dating safety app"... (Score:4, Funny)
Did you even read the summary?
Re: (Score:2)
I notice that you don't say my statement is wrong.
And I will say it again. A lot of people HAVE fucked children, and many (maybe even most of them) were children themselves while doing so.
Re: (Score:2)
--Am
Re: (Score:3)
... there would have been no reason to collect data about "abortions" or "cheating" there. But maybe it was more like a toxic rumor spreading club?
Yeah, something is a little odd here. Seems like a sort of honeypot for gullible women? Who in their right mind would post that kind of stuff on a "dating safety app?"
A lot of places are encountering issues, as some women have been posting names and addresses to doxx about men they are dating. And using those places the women find out they are in situationships with the same guys.
The odd thing is they act surprised, considering that on dating apps 80 percent of women find only some top 10-20 percent o
Re: If "Tea" was really a "dating safety app"... (Score:1)
Re: (Score:1)
The end of data breach fatigue (Score:3)
There's a cyber security angle to this story that I don't think is getting talked about nearly enough.
I think it was the Target breach a few years ago, where a huge number of non-techie people just stopped caring about data breaches. They gave up; "I just assume my data is out there anyways" and the like became a normal line.
But with this . . . people are going to get mad. The "fappening" moved the needle. In about a year suddenly every big company adopted 2FA. Will this finally make the US adopt some serious data protection rules? Will the class action against Tea that's likely coming actually drive them out of business?
Big precedent setting events are likely on the way.
Re: (Score:2)
the Target breach a few years ago, where a huge number of non-techie people just stopped caring about data breaches.
I just pay cash. Don't like it? Or get upset when I won't sign up for your loyalty program? Go complain to Target. They put everyone on my default shit list. Earn your way off of it.
Re: (Score:2)
Re: (Score:2)
Oh yeah, it absolutely played a big part. This timeline of 2FA even has a special section about it:
https://www.newamerica.org/in-... [newamerica.org]
Basically Apple had to scramble, to both insist that their systems were not hacked, but also that they were doing something about it. So they finally started pushing 2FA, and where Apple goes, the industry goes.
Re: (Score:2)
No, your inability to set up a proper authentication system with a proper 2FA tool is why you need to check your email to log into everything now. ;-)
Seriously, email is the worst form of 2FA. SMS the second worst. I hate companies that provide those as the only option.
Re: (Score:2)
Re: (Score:2)
Probably not. Remember Ashley Madison, that matchmaking site for adultery that leaked everything? It's still around. The parent company changed its name and they switched their tag line for a couple years, then switched back. Apparently they've still got tens of millions of members.
Shit Show (Score:2)
Man. What a shit show.
That's the end of THAT company!
LMFAO and the comedy keeps coming (Score:2, Funny)
So much Irony here (Score:2, Informative)
Women have rosters of men. But it's not okay for men to do the same thing. If a woman decides that you're good enough to go out with, she is purely entitled to you and your time, affection, and loyalty. Change your mind? She will then destroy you in the court of public opinion.
So glad to have retired from dating years ago.
Re: (Score:1, Flamebait)
Re: (Score:2)
That's the most scientific explanation for homosexuality I've ever heard.
Re: (Score:2)
Re: (Score:2)
Based on this comment, I'm sure women are too.
Vibe coded (Score:3)
need more of this (Score:1)
It's only legacy data. It doesn't matter... (Score:2)
Just a quick show of hands here how many of you are living in the same house that you were in 2 years ago?
How many of you still have the same drivers license from 2 years ago?
How many of you have not had major facial reconstructive surgery in the past 2 years?
These guys deserve a life of continuously having their pubic hairs individually plucked out.