The tea app data breech has increased in another large leakage, now shared on hacking forums with stolen data and in another database it has been found that 1.1 million private messages have been exchanged between members of the app.
The tea app is a female-keval dating security forum, where members can share reviews about men, with only one selfie and access to the given platforms after providing government ID verification.
On Friday, an anonymous user posted at 4chan that tea used an unsafe firebase storage bucket to store drivers and to store selfies, uploaded by members to verify that they are women, as well as photos and pictures shared in comments.
The user shared a python script, which can now be used to download data from a safe storage bucket.
Overall, more than 59 GB of data was exposed in the leaks, in which a public statement confirmed tea that it affects users who signed up before 2024.
“A legacy data storage system was compromised, resulting in unauthorized access to a dataset before February 2024,” one reads Safety violation declaration,
“This dataset contains around 72,000 images, including about 13,000 selfies and users’ photo identification and posts, comments and direct messages presented during account verification include approximately 59,000 images in the app.”
The platform states that selfie was not removed as expected to comply with law enforcement requirements related to the prevention of cyber-Badmashi.
Danger actors have now started sharing torrents of data leaked on hacking forums, possibly revealed members of the app to social engineering attacks.
Bleepingcomputer has confirmed that shared data includes the driver’s license, selfie and message attachment.
To make the case worse, 404 media now reports This was found to have an additional database with 1.1 million private messages sent between users on the tea platform.
The database includes more recent data from 2023 to last week, and allegedly discussing sensitive topics, such as abortion, husband cheating, and two-time about two-time boyfriends.
Researcher Kasara Rahjardi, who discovered the new database, told 404 media that any tea user can access the user data stored using its API key.
According to 404 media, it is possible to identify users based on social media profiles, phone numbers, or other personal details revealed in messages.
Being a safe place for women has now become a tool to embarrass them, even with someone forms a “facemash” -style site, where visitors can rate the selfie exposed in leaked data.
Tea says that they continue to work with third-party cyber security experts to involve the incident and investigate the attack.
The app says that it also informed the law enforcement, which are assisting in investigation.
CISOS knows how to purchase a board begins with a clear, strategic approach how the cloud safety runs the business price.
This helps to introduce the risk, impact and priorities to the free, editable board report deck deck security leaders in clear business terms. Convert security updates into meaningful conversations and take fast decision in boardroom.
