- Tea is a “popular safety tool” which has just undergone a data violation
- 72,000 application images were involved, some of which were user photo identifiers
- There is an undergoing investigation, but obvious concern here is a potential identity theft for those whose images have been exposed
Tea is a popular mobile application designed as a “meeting safety tool” to protect women and has existed since 2023.
Its full name is tea dating advice, and the central idea is an application reserved for women who gave those who came out with the possibility of accessing the checks of the history of men. This includes if they have a criminal record (or if they are sex offenders), as well as the search for opposite images to identify cat fishing (assuming a false identity online).
At the end of last week, as reported by NBC News, TEA admitted that it had suffered a data violation in which 72,000 images were accessible by the intruder.
This included 13,000 images (selfies and photo identifier) submitted by users when checking the account. The other 59,000 images have also been provided by users and “publicly visible” in publications (and direct messages) on the application.
As tea recognized on its Instagram account, these images were stored on an “archived data system” and the company said that users who had registered in tea during or after February 2024 will not be assigned. In other words, these are old data archived on a server which only concerns publications and older accounts before this date.
The company clearly indicated that the photos “can in no case be linked to messages in tea”.
A tea spokesperson declared to NBC: “These data were originally stored in accordance with the application requirements of the law linked to the prevention of cyberbullying.”
NBC reported that hacking can be connected to 4CHAN, with a 4CHAN poster, to download the database of the stolen images on this platform. The supposed identification photos of tea users have also been published on certain social media, but obviously, are cautious around such reports.
TEA said it had more than four million users in total, and it has become the best free application in the Apple App Store in the United States last week (after recently won a million new members).
TEA said he is carrying out an ongoing investigation into the security incident, which includes external cybersecurity experts, and that she informed the police in the United States.
Do you think you were affected by this violation-if so, what should you do?
The key point to remember here is that if you have registered more recently for tea, you should not be affected by this violation. As indicated, the impact extends only to an archive server and members who joined before February 2024.
It is at least according to what we know of the investigation so far, and the apparent extent of the violation – therefore the warning is that we assume that the in progress investigation does not reveal anything else.
The other important point to remember here is that only the images have been accessible, according to tea, and no personal data relating to members, such as email addresses or telephone numbers.
The disturbing part of accessible data, however, is that some of them contain official identifiers (and selfies) that could potentially be used for identity theft. It should be noted here that tea clarifies (in an official declaration reported by USA Today) that it no longer requires an official identity for registration, and provided with this requirement in 2023.
If you joined tea before February 2024 and provided an identity document from the government for the registration process, the latter could have been exposed. There is no clear way to know that at this stage, but it is the surest to assume that your identifier (or other images) may have been disclosed online.
This means that this information could be found in the hands of a bad actor, unfortunately, but it is difficult to say if it will happen for sure, or even if it do arrive.
What you can do for the moment as the first line of obvious defense is to keep an eye on your finances (bank accounts and credit card surveys), to monitor all irregularities. In all honesty, this is something that you should do anyway, because fraud is an omnipresent danger these days with an increasing number of scams (alongside data violations like this).
Another proactive decision is to register for one of the best credit surveillance services, and the good news is that you can get it for free (from Experian).
What these services do is keep an eye on your personal details (from, say, a stolen identity document) used online in suspicious circumstances, bringing these incidents to your attention, so that you can be aware of everything that is potentially sneaky before materializing. There are also complete protection of identity flight protection, for a more complete level of protection.
