A Second Tea Breach Reveals Users' DMs About Abortions and Cheating (404media.co) 110
A second, far more recent data breach at women's dating safety app Tea has exposed over a million sensitive user messages -- including discussions about abortions, infidelity, and shared contact info. This vulnerability not only compromised private conversations but also made it easy to unmask anonymous users. 404 Media reports: Despite Tea's initial statement that "the incident involved a legacy data storage system containing information from over two years ago," the second issue impacting a separate database is much more recent, affecting messages up until last week, according to the researcher's findings that 404 Media verified. The researcher said they also found the ability to send a push notification to all of Tea's users.
It's hard to overstate how sensitive this data is and how it could put Tea's users at risk if it fell into the wrong hands. When signing up, Tea encourages users to choose an anonymous screenname, but it was trivial for 404 Media to find the real world identities of some users given the nature of their messages, which Tea has led them to believe were private. Users could be easily found via their social media handles, phone numbers, and real names that they shared in these chats. These conversations also frequently make damning accusations against people who are also named in the private messages and in some cases are easy to identify. It is unclear who else may have discovered the security issue and downloaded any data from the more recent database. Members of 4chan found the first exposed database last week and made tens of thousands of images of Tea users available for download. Tea told 404 Media it has contacted law enforcement. [...]
This new data exposure is due to any Tea user being able to use their own API key to access a more recent database of user data, Rahjerdi said. The researcher says that this issue existed until late last week. That exposure included a mass of Tea users' private messages. In some cases, the women exchange phone numbers so they can continue the conversation off platform. The first breach was due to an exposed instance of app development platform Firebase, and impacted tens of thousands of selfie and driver license images. At the time, Tea said in a statement "there is no evidence to suggest that current or additional user data was affected." The second database includes a data field called "sent_at," with many of those messages being marked as recent as last week.
It's hard to overstate how sensitive this data is and how it could put Tea's users at risk if it fell into the wrong hands. When signing up, Tea encourages users to choose an anonymous screenname, but it was trivial for 404 Media to find the real world identities of some users given the nature of their messages, which Tea has led them to believe were private. Users could be easily found via their social media handles, phone numbers, and real names that they shared in these chats. These conversations also frequently make damning accusations against people who are also named in the private messages and in some cases are easy to identify. It is unclear who else may have discovered the security issue and downloaded any data from the more recent database. Members of 4chan found the first exposed database last week and made tens of thousands of images of Tea users available for download. Tea told 404 Media it has contacted law enforcement. [...]
This new data exposure is due to any Tea user being able to use their own API key to access a more recent database of user data, Rahjerdi said. The researcher says that this issue existed until late last week. That exposure included a mass of Tea users' private messages. In some cases, the women exchange phone numbers so they can continue the conversation off platform. The first breach was due to an exposed instance of app development platform Firebase, and impacted tens of thousands of selfie and driver license images. At the time, Tea said in a statement "there is no evidence to suggest that current or additional user data was affected." The second database includes a data field called "sent_at," with many of those messages being marked as recent as last week.
The world is over-populated by stupid people (Score:2, Informative)
Re: (Score:1)
Texas disagrees. And given their bounty program, it's not just the women who have to worry. Healthcare providers will be at risk.
Re:The world is over-populated by stupid people (Score:4)
Texas disagrees.
See subject. :-) Slamming TX representative, more than its citizens as apparently 78% of Texas voters think abortion should be allowed in some form, UT poll shows [texastribune.org] - meaning their representatives pass these things against citizens' wishes. On the other hand, the people keep voting for them, probably for other reasons, so that's on them.
But, more seriously, ...
And given their bounty program, it's not just the women who have to worry. Healthcare providers will be at risk.
Agreed.
Re: (Score:3)
On the other hand, the people keep voting for them, probably for other reasons
Probably so. Many people are single issue voters. Happy to hold their noses and vote for some turd as long as he defends what they value. "The loyal opposition" knows what these issues are, but refuses to keep clear of the third rail. So they are holding a lot of sensible legislation hostage in order to promote the loony fringe agenda. Time to drag the loonies out into the desert, duct tape them to a cactus and leave them for the scorpions.
Re: (Score:2)
Republicans just use it as a distraction from more important things.
I see both sides using it as a distraction.
I gave one poor pollster an earful after getting a random phone poll on politics. I got so fed up with being asked about abortion that I just yelled at the poor guy. I wasn't mad at him but I had to make it known somehow that I was fed up on the issue given so many other issues that mattered to my life. Why not ask about food and fuel prices? Or medical care? Or something about tariffs? Why should I give a fuck about abortion laws? Next thing I expect to be
Re: The world is over-populated by stupid people (Score:1)
You just proved his point.
Re: (Score:2)
Now if these reps would out this kind of energy into fixing their power grid which as of December 2024 (last I heard about it) still wasn't fixed.
The pubic school kids will likely be learning about the 10 commandments by flashlight and in freezing classrooms come winter.
Re: (Score:2)
The poll referenced in the article shows that 39% of those polled want abortions available to women for any reason, which makes that a minority position.
The 15% in the poll that say that abortion should not be allowed for any reason is either not understanding the question or was not given the option to specify an allowance for life of the mother. I've yet to see anyone oppose an abortion to save the life of the mother as the expectation is if the pregnancy were allowed to continue that the child would die
Re: (Score:1)
The 15% in the poll that say that abortion should not be allowed for any reason is either not understanding the question or was not given the option to specify an allowance for life of the mother.
Wishful "thinking"
I've yet to see anyone oppose an abortion to save the life of the mother as the expectation is if the pregnancy were allowed to continue that the child would die
Because you didn't see it, it didn't happen? Or you just weren't looking? [calmatters.org] Are you willfully defending anti-abortion absolutists? Because the alternative is even worse for you if you want people to take you seriously, i.e. you just pretend that things are true in order to support your arguments while doing zero research even though you have the same access to search engines as everyone else.
Re: (Score:2)
First, the case you gave was not a matter of saving the life of the mother. The hospital argued that the the abortion would merely prevent some threat of an infection. There was a heartbeat detected so they didn't feel comfortable with ending the pregnancy artificially. They likely knew the ultimate outcome but that doesn't mean they have some obligation to act.
Second, this one example doesn't negate the entire rule.
Just because some rule was not applied as it should have doesn't make the rule a bad rule
Re: (Score:2)
Why is that "health of the mother" added
So that doctors aren't forced to wait until the woman is nearly dead before performing the abortion. Waiting until things are critical can also cause damage to the woman's reproductive system, preventing her from having any future children.
The most sensible criteria is that abortion should be legal for any reason unless the fetus is viable. At that point we can not allow it, with the exceptions of rape, incest, or health of the mother.
Re: (Score:2)
So that doctors aren't forced to wait until the woman is nearly dead before performing the abortion. Waiting until things are critical can also cause damage to the woman's reproductive system, preventing her from having any future children.
As if the process of ending the pregnancy doesn't pose a threat to the future of the woman being able to have children in the future. The addition of the phrase "health of the mother" is a blank check for abortions of convenience and everyone should know this and admit to this. If the woman isn't at death's door from the pregnancy then there still isn't cause to abort. Waiting is called for as whatever is causing the problem could pass, could be treated, or otherwise allow for the child and mother to sur
Pro-Abortion (Score:1)
Some solid arguments:
1. The law can't prevent the actual activity, only make it more dangerous.
2. Death of fetuses occurs in nature.
3. Many who live, should have been aborted.
4. Too many kids is a poverty trap.
5. People who accidentally reproduce with morons need to correct this.
6. The enforcement of anti-bort laws is worse than abortion.
I acknowledge that abortion is unjust killing, per the Christians, but I think this is secondary. Banning abortion is worse than allowing it.
Re: (Score:1)
I acknowledge that abortion is unjust killing, per the Christians, but I think this is secondary. Banning abortion is worse than allowing it.
Biblically, you are wrong. Over and over, the Bible defines life as beginning with breath.
Re: (Score:3)
And gives instructions for how to perform an abortion.
I suspect the anti-abortion Christians just want pregnancy to be a punishment for having sex.
Re: (Score:1)
And gives instructions for how to perform an abortion.
You don't understand the concept of later texts being considered to override earlier texts, do you? If I'm recalling correctly this is a single passage in the Old Testament which is considered a sinful practice in the New Testament.
I suspect the anti-abortion Christians just want pregnancy to be a punishment for having sex.
I suspect most Christians consider pregnancy to be a gift than a punishment. If pregnancy is a punishment then it is a simple matter to avoid it, don't have sex. If anything the "punishment" of sex comes later, the pain of childbirth. Wasn't that part of the deal for Adam and
Re: (Score:2, Insightful)
You don't understand the concept of later texts being considered to override earlier texts, do you? If I'm recalling correctly this is a single passage in the Old Testament which is considered a sinful practice in the New Testament.
"Jesus" "says" in the bible that he's not there to refute God's law, but to confirm it. Yet somehow the same book also supersedes the old information in the same book? All the Christians are really supposed to be Jews, but they're too lazy to actually do things. That's why Christianity is orthodox instead of orthoprax, to embrace laziness. You don't have to do anything to be Saved, just pretend to believe something.
Re: (Score:2, Informative)
If your goal is to somehow prove Christianity is okay with abortion then you will lose. That should be clear to you. Picking out one passage from the Bible to show otherwise doesn't negate a long history of open opposition to abortion. That is just proof that the Church was struggling with the matter at one point, which is something to be expected in any organization. I don't recall the passage being referenced exactly but I recall the conditions to induce an abortion was very narrow and specific, hardl
Re: (Score:2)
If your goal is to somehow prove Christianity is okay with abortion then you will lose.
It isn't. My goal was to show that Christians are hypocrites who believe self-contradictory bullshit because it makes them feel superior to other people, so what they claim to believe is irrelevant as they don't actually have any idea what it is or what it would mean.
Re: (Score:2)
Ah, a Marcionite!
Re: (Score:2)
You can believe whatever lets you sleep soundly at night.
Re: (Score:2)
Biblically, you are wrong. Over and over, the Bible defines life as beginning with breath.
This is not the universal interpretation. Other parts of the Bible imply that life begins with blood and/or while still within the womb. Leviticus 17:11 for example says "The life of the flesh is in the blood". There's also Genesis 9:4 or Isaiah 49:1 to mention a couple. That blood is the repository of life or the soul is also one of the concepts that forms the JW prohibition against blood transfusion.
While I certainly think that "biblically" should have absolutely zero relevance when we're talking about sc
Re: (Score:1)
2. Death of fetuses occurs in nature.
Apparently about 80% in humans. Hence by the deranged "arguments" of the theist fuckups, having sex with the result of pregnancy is an 80% probability murder. The only moral thing would hence be to totally outlaw sex and punish it as attempted murder.
But that would require rational thought. Something these people do not have.
Re: (Score:1)
There are more than two sides (Score:2)
Abortion should be the default position. It is the responsibility of potential parents to make thier case for life.
Of the two extremes, prohibited abortion and mandatory abortion, I stand in the middle. That nobody should be forced to have a child, and that it should be a collective rational decision.
I suppose one could move even closer to the pro-life side by arguing that nobody should be forced to receive an abortion. AND also maximize individual liberty by saying nobody should be forced into either way,
Re: (Score:1)
Re: There are more than two sides (Score:3)
Re: (Score:2)
Given that men can inseminate far more often than a woman can get pregnant, it would be more effective to require men to get a license to impregnate.
At this point in time, who is going to do that? I do interact with a lot of young guys, up to around mid 30's. maybe ten percent are married, another 10 percent are in relationships which presumably have sexual activities involved. The rest are happy to be single and unattached.
And if they really want sex, they can visit professional ladies. Turns out a much cheaper alternative to marrying and raising a family.
Re: (Score:2)
Given that men can inseminate far more often than a woman can get pregnant, it would be more effective to require men to get a license to impregnate.
I believe we have that, it is called a "marriage license".
Part of the license involves a third party making a statement that the couple is not of close relation, both are entering the agreement willingly, and perhaps some other statements I'm forgetting. As I recall it used to be routine for states to require blood tests before marriage to test for "too close" of genetic relations, or at least some test for inherited diseased, but mostly for sexually transmitted diseases. This fell out of favor once antib
Re: (Score:2)
Put everyone in prison, it's the perfect system.
Re: (Score:2)
If they know ahead of time that they can't just "trap" Fred for Steve's baby...it might give them a little pause on cheating around and more babies out there.....just a thought.
Re: (Score:2)
Abortion should be the default position.
Sarcasm noted!
I'm not against abortion at all. Especially when the woman's continued pregnancy might kill her. But in the present world, there appear to be a lot of women who promote it hard - almost to obsession.
But at this point, there are some issues. There are so many ways to prevent giving birth that scraping cells off a uterus is about the least pleasant and most invasive and potentially dangerous way of getting rid of those cells.
Condoms, Morning after pills, birth control pills, IUDs, non-
Re: The world is over-populated by stupid people (Score:1)
Non-Logging Polices (Score:4, Insightful)
Re: (Score:3, Informative)
This is a great example of why one shouldn't consider anything put on the Internet anywhere to truly be secure.
It's also a great example of not trusting those who set up platforms. Just because they have ideas doesn't mean that they know how to properly develop those ideas.
Re:Non-Logging Polices (Score:4, Insightful)
You don't always have a choice.
In order to function in society at some point you have to give some personal information to someone: Your governement, your bank, your insurance, your doctor.
And they eventually put this information on the Internet.
Re: Non-Logging Polices (Score:2)
Re: (Score:2)
Exactly. Records are not the same as opinion pieces in most cases. Records can still be damaging as hell, but they don't usually carry the sort of personal information that can be incredibly provocative as stated opinions or descriptions of behaviors.
Re: (Score:3)
Your government, bank, insurance, physician, all of these have quite extensive laws regarding the security of your information.
Giving your personal information to a random dude on the Internet (and yes, it's a random dude)? A random dude on the Internet who's encouraging you to gossip?
Re: (Score:3)
Maybe the bigger question is why is the random dude on the internet not covered by extensive laws regarding the security of other people's information.
Re: (Score:2)
They are, I’m sure TEA has violated laws, but in general a jury is receptive to “no, we totally didn't give this info to anyone we shouldn’t have, some other dude broke in and stole it (online attack == broke in)” so they won’t be heard accountable by a court for violating user privacy, but they WILL be held accountable by potential future customers who for at least some time into the foreseeable future will remember “oh TEA the people that can’t keep anything priva
Re: (Score:2)
Are you sure you want those kind of laws? Credit card numbers are one thing. User comments are quite another.
Re: (Score:2)
You don't always have a choice.
In order to function in society at some point you have to give some personal information to someone: Your governement, your bank, your insurance, your doctor.
And they eventually put this information on the Internet.
The four organisations you've mentioned have the strictest rules and harshest punishments against violation of those rules when it comes to PII... well at least in civilised countries.
I'm less concerned with my insurer, financier or medical practitioner as they'll be the ones who will keep my data the most secure and keep the minimum amount they can get away with because the risks are so great if they get hacked or worse, allow someone to knowingly sell the data.
Some random application has no such res
Re: (Score:2)
The problem is that there aren't any repercussions because we treat businesses as these mythical people with special rights and privileges. We pretend there is recourse, but there is none for the average person. Heck the only way a single thing will happen here is if the wrong group of people is hurt. Normal peons? PFFFT! One of the protected class? OMGWTFBBQ ELEVENTY-ONE HOW DID THIS HAPPEN??? Then it's a
Re: Non-Logging Polices (Score:2)
If they used AI would you be blaming the AI even though it happened anyway?
Re: (Score:1)
This is a great example of why one shouldn't consider anything put on the Internet anywhere to truly be secure.
I understand your point, but in some cases you can put encrypted things on the internet. I would go so far as to say that in some cases, you should put encrypted things on the internet so they are less likely to get lost.
A trivial example is if I have a huge treasure-trove of sensitive data stored on an isolated computer but I need to get it to a hostile country where I'll be searched in customs, I can encrypt it, spit it into a bunch of pieces, embed those pieces in innoculous data using stegonography, th
Re: (Score:2)
"This is useful if I'm living where the government is unstable and there's a risk of a regime change followed by house-to-house raids looking for people loyal to the previous regime"
*coughwheezeMRCIA*cough::gag*clears throat*
Sorry, that was a really bad one. The thing that always worries about this whole data collection economy is that it runs on the *assumption that the government is rock solid, that there wouldn't be any regime change where the new regime would use all of this data to arrest people, or ca
Re: (Score:3)
Why would anyone consider it ever secure?
There's been at least a 50 year old adage that basically says "never put online anything you don't want to see as the headline on the New York Times". Or basically never post anything private online. And this was during the rise of early online services that the vast majority of people didn't have access to, given computers and modems were a rarity.
It's only
Re: (Score:2)
Re: (Score:2)
We may need a personal data deletion law of some kind. Say 5 years? That allows enough time for illegal activity to still be available for legit law enforcement purposes. It should allow for anonymized data to be retained though I guess.
Re: (Score:2)
Now imagine the business owner being dumb enough to actually announce to the world that she'd been supplying the markers.
I'm imagining nobody caring?
Except the guy without a marker, who might go into the gas station and ask for one for free, instead of buying one. He thinks she's really great! So great that he also bought a beer. She's craftier than you imagined.
Re:If "Tea" was really a "dating safety app"... (Score:4, Funny)
Did you even read the summary?
Re: (Score:2)
I notice that you don't say my statement is wrong.
And I I will say it again. A lot of people HAVE fucked children, and many (maybe even most of them) were children themselves while doing so.
Re: (Score:3)
--Am
Re: (Score:2, Interesting)
... there would have been no reason to collect data about "abortions" or "cheating" there. But maybe it was more like a toxic rumor spreading club?
Yeah, something is a little odd here. Seems like a sort of honeypot for gullible women? Who in their right mind would post that kind of stuff on a "dating safety app?"
A lot of places are encountering issues, as some women have been posting names and addresses to doxx about men they are dating. And using those places the women find out they are in situationships with the same guys.
The odd thing is they act surprised, considering the on dating apps 80 percent of women find only some top 10-20 percent o
Re: (Score:3)
I think the disconnect is you think the women are posting “I’m cheating on my husband and it feels so good!”, they are posting “I think my husband is cheating on me” (and some info about the husband) and getting back “He is, that bastard told me he is single!” (and maybe some info to confirm it, like intimate pictures the wife never saw, or dates he was with the other woman).
In ot
Re: (Score:1)
I think the disconnect is you think the women are posting “I’m cheating on my husband and it feels so good!”, they are posting “I think my husband is cheating on me” (and some info about the husband) and getting back “He is, that bastard told me he is single!” (and maybe some info to confirm it, like intimate pictures the wife never saw, or dates he was with the other woman).
Your mistake is that you assume I'm just dissing on women, because of your reasons. I'm just saying what do you expect on a fem focused site?
Yes homie. Men cheat. But unless it is with other men, it means every male cheater is cheating with a woman - Unless of course there is one very tired but relaxed woman who's having sex with a billion guys.
But homie, my experience is that since women do cheat, it is mathematically impossible - like my single woman banging every cheating male example, they will h
Re: If "Tea" was really a "dating safety app"... (Score:1)
The end of data breach fatigue (Score:4, Insightful)
There's a cyber security angle to this story that I don't think is getting talked about nearly enough.
I think it was the Target breach a few years ago, where a huge number of non-techie people just stopped caring about data breaches. They gave up "I just assume my data is out there anyways" and the like became a normal line.
But with this . . . people are going to get mad. The "fappening" moved the needle. In about a year suddenly every big company adopted 2FA. Will this finally make the US adopt some serious data protection rules? Will the class action against Tea that's likely coming actually drive them out of business?
Big precedent setting events are likely on the way.
Re: (Score:2)
the Target breach a few years ago, where a huge number of non-techie people just stopped caring about data breaches.
I just pay cash. Don't like it? Or get upset when I won't sign up for your loyalty program? Go complain to Target. They put everyone on my default shit list. Earn your way off of it.
Re: (Score:2)
Re: (Score:2)
Oh yeah, it absolutely played a big part. This timeline of 2FA even has a special section about it:
https://www.newamerica.org/in-... [newamerica.org]
Basically Apple had to scramble, to both insist that their systems were not hacked, but also that they were doing something about it. So they finally started pushing 2FA, and where Apple goes, the industry goes.
Re: (Score:2)
No, your inability to setup a proper authentication system with a proper 2FA tool is why you need to check your email to log into everything now. ;-)
Seriously Email is the worst form of 2FA. SMS the second worst. I hate companies that provide those as the only option.
Re: (Score:2)
Re: (Score:2)
Re: (Score:3)
Probably not. Remember Ashley Madison, that matchmaking site for adultery that leaked everything? It's still around. The parent company changed its name and they switched their tag line for a couple years, then switched back. Apparently they've still got tens of millions of members.
Re: (Score:2)
The "fappening" moved the needle. In about a year suddenly every big company adopted 2FA.
I heard on the internet that the fappening is still happening, so it doesn't seem to have helped that much.
Re: (Score:2)
There's a cyber security angle to this story that I don't think is getting talked about nearly enough.
I think it was the Target breach a few years ago, where a huge number of non-techie people just stopped caring about data breaches. They gave up "I just assume my data is out there anyways" and the like became a normal line.
"A few years ago" is 11.5 years--December 2013!
Seems like yesterday to me, too, despite Spectre / Meltdown being half that time ago!
Re: (Score:3)
There's a cyber security angle to this story that I don't think is getting talked about nearly enough.
I think it was the Target breach a few years ago, where a huge number of non-techie people just stopped caring about data breaches. They gave up "I just assume my data is out there anyways" and the like became a normal line.
But with this . . . people are going to get mad. The "fappening" moved the needle. In about a year suddenly every big company adopted 2FA. Will this finally make the US adopt some serious data protection rules? Will the class action against Tea that's likely coming actually drive them out of business?
Big precedent setting events are likely on the way.
I'm not certain how we can make oversharing the highest priority, enforceable by law. Unless of course we null and void the first amendment. Let's look at the situation. A dating safety app, in very few cases will need to know that a woman had had abortions - unless the woman puts it on the site, as is her constitutional right. Foolishness and online oversharing is not illegal.
And the idea that sites can be hardened against any and all attacks will not do much more than kill most applications.
I think
Re: (Score:1)
The creator just had his databases hanging out there in the open, no security at all beyond having to know a URL. It will be very interesting to see what legal repercussions, if any, the guy faces.
Shit Show (Score:2)
Man. What a shit show.
That's the end of THAT company!
So much Irony here (Score:1, Flamebait)
Women have rosters of men. But it's not okay for men to do the same thing. If a woman decides that you're good enough to go out with, she is purely entitled to you and your time, affection, and loyalty. Change your mind? She will then destroy you in the court of public opinion.
So glad to have retired from dating years ago.
Re: (Score:2)
Based on this comment, I'm sure women are too.
Re: (Score:2)
Based on this comment, I'm sure women are too.
There is a problem though. Lesbian marriages have a ridiculous divorce rate. I have a relative who is gay. She's on her forth marriage in 10 years now. I like her, she's witty and pretty nice. But not stable in her romantic relationships.
Re: (Score:2)
Men seem to care if a women has fucked 10 different men over his life. Women are mostly just making sure the men aren’t fucking ten women right now. Either way I think people owe their potential partners the truth, although for the most part I think expecting people to have had zero or close to zero prior partners isn
Re: (Score:2)
That's the most scientific explanation for homosexuality I've ever heard.
Re: (Score:2)
Re: (Score:2)
Well it's either go gay or go MGTOW Incel
Voluntary, not involuntary.
And many guys have found that going to a professional is a quite acceptable solution. Much less expensive than marriage and family. The pro ladies are also a lot better at that sort of thing.
Vibe coded (Score:3)
need more of this (Score:1)
Re: (Score:2)
People will never learn, just like before the internet when people never learned not to tell their cousin.
Next time they'll tell somebody in a different part of the internet. Just like before. They didn't learn not to tell people things they wanted secret, they just learned not to tell Joey. They told Frankie instead. And result never stopped surprising them.
It's only legacy data. It doesn't matter... (Score:4)
Just a quick show of hands here how many of you are living in the same house that you were in 2 years ago?
How many of you still have the same drivers license from 2 years ago?
How many of you have not had major facial reconstructive surgery in the past 2 years?
These guys deserve a life of continuously having their pubic hairs individually plucked out .
Researchers.... (Score:3)
Isn't it fantastic how we don't have hackers any more, but researchers?
"Officer, I was just researching the contents of this house."
CMS would have prevented this (Score:2)
I just can't understand for the life of me why... (Score:2)
Re: (Score:2, Insightful)
I am starting to wonder if this app is actually a trap.
It was designed to give women a place to post hurtful content about men, with images and impunity. And, in fact, it just keeps revealing their dirty laundry to the world.
Smart money is on avoiding this app, and anything else created by the same people.