Tea app, women’s safe space

*Seufz*

Tea, an app for women to safely talk about men they date, has been breached, user IDs exposed

Tea, an app designed to let women safely discuss men they date has been breached, with thousands of selfies and photo IDs of users exposed, the company confirmed on Friday.

Tea said that about 72,000 images were leaked online, including 13,000 images of selfies or selfies featuring a photo identification that users submitted during account verification. Another 59,000 images publicly viewable in the app from posts, comments and direct messages were also accessed without authorization, according to a Tea spokesperson.

No email addresses or phone numbers were accessed, the company said, and the breach only affects users who signed up before February 2024.

“Tea has engaged third-party cybersecurity experts and are working around the clock to secure its systems,” the company said. “At this time, there is no evidence to suggest that additional user data was affected. Protecting tea users’ privacy and data is their highest priority.”

Tea presents itself as a safe way for women to anonymously vet men they might connect with on dating apps such as Tinder or Bumble — ensuring that your date is “safe, not a catfish, and not in a relationship.”

A safe way.

Nun soll man ja nicht über Sicherheitslücken spotten, weil es einen ja immer mal selbst erwischen könnte und deshalb Überheblichkeit fehl am Platze und gefährlich ist. Man kann aus den Fehlern anderer lernen und hoffen, dass sie einem nicht selbst passieren, denn Unachtsamkeiten können jedem passieren, und derjenige ist ein schlechter Sicherheitsberater, der sich einbildet, ihm könnten keine Fehler unterlaufen. Nie über andere herziehen, das Risiko sich dabei selbst zu blamieren ist viel zu groß.

Und wer sich auskennt, weiß, dass man beim dem heutigen Softwarekuddelmuddel normale Server ohne unverhältnismäßig hohen Aufwand auch nicht mehr sicher bekommen kann.

404 Media, which earlier reported the breach, said it was 4Chan users who discovered an exposed database that “allowed anyone to access the material” from Tea.

Das allerdings hört sich trotzdem nicht gut an. Da müssen dann schon mehrere Fehler zusammengekommen sein.