A viral app marketed as a safe space for women to share information about men they date has been hit by a major data hack, with tens of thousands of women's photos and IDs leaked online.
The US-based app, which has 1.6 million users, confirmed "unauthorised access" to 72,000 images submitted by women, including 13,000 selfies and government-issued IDs uploaded as proof of identification.
Subscribe to The Week
Escape your echo chamber. Get the facts behind the news, plus analysis from multiple perspectives.
Sign up for The Week's Free Newsletters
From our morning news briefing to a weekly Good News Newsletter, get the best of The Week delivered directly to your inbox.
From our morning news briefing to a weekly Good News Newsletter, get the best of The Week delivered directly to your inbox.
'Stoking gender divisions'
Tea was designed to allow women to discuss their dating experiences anonymously, run background checks, search for criminal records and reverse image search for photos in the hope of spotting "catfishers".
Before the data breach, Tea reported a "massive surge in growth" in recent weeks, as the app gained attention through videos and discussions on social media about dating and gender dynamics. The app was listed as the "top free app in Apple's download charts", said The New York Times, "and was also highly ranked in the Google Play store".
Its viral popularity "tapped into a larger face-off over the responsibility of platforms that women say can help protect them from dating untrustworthy or violent men". Informal whisper networks, such as "Are We Dating the Same Guy?" groups, have spread "widely" on platforms such as Facebook. "But such groups have increasingly drawn accusations of stoking gender divisions, as well as claims from men who say the groups have defamed them or invaded their privacy."
Critics of the app, "including some users on 4chan, an anonymous message board known for spreading hateful content, called for the site to be hacked", said the paper. On Friday, "4chan users claimed" to have found a "database related to the app that included photos of users' IDs and other information", said CNN. The data then appeared to begin circulating online.
Users 'at risk'
According to Tea's privacy policy, images uploaded as verification were to be deleted shortly after users are verified, but the hacked images had not been deleted. Tea said in a statement that the data had been stored "in compliance with law enforcement requirements related to cyberbullying prevention".
"It's hard to overstate how sensitive this data is and how it could put Tea's users at risk if it fell into the wrong hands," said 404Media, which said it was easy to find the real-world identities of some users, given the nature of the leaked data and messages. "Users could be easily found via their social media handles, phone numbers, and real names that they shared in these chats," said the site.
Messages often contained accusations against named individuals, further escalating the risk. In messages reviewed by 404 Media, some discuss discovering their husbands on the app, while others feature "women discussing their abortions".
Within hours of the breach, said The New York Times, a now-deleted 4chan thread shared a custom Google Map that "purported to use data from the leak to tie the images to locations" of women registered on the app.
-
The Week's Quizzes -
Forest Lodge: William and Kate's new home breaks with royal traditionIn the Spotlight Wales' said to hope move to 'forever home' in Windsor Great Park will 'leave unhappy memories behind'
-
Cloudbursts: what are the 'rain bombs' hitting India and Pakistan?The Explainer The sudden and intense weather event is almost impossible to forecast and often leads to deadly flash-flooding and landslides
-
Decline of dating apps: will AI be our knight in shining armour?In The Spotlight New features have raised concerns about privacy and manipulation
-
Social media ban: will Australia's new age-based rules actually work?Talking Point PM Anthony Albanese's world-first proposal would bar children under 16 even if they have parental consent, but experts warn that plan would be ineffective and potentially exacerbate dangers
-
FTC bans fake online product reviewsSpeed Read The agency will enforce fines of up to $51,744 per violation
-
Data breaches increased in 2023 and with them, internet security concernsThe Explainer One report found a 78% year-to-year increase in breaches from 2022 to 2023
-
Cyberflashing, fake news and the new crimes in the Online Safety ActThe Explainer UK's first conviction demonstrates scope of controversial law that critics describe as a threat to privacy and free speech
-
Whistle-blower claims Apple ‘ignoring and violating’ users’ rightsSpeed Read Former contractor says tech giant has failed to act on his disclosures about ‘intimate’ Siri recordings
-
Google+ to shut down after security flawSpeed Read Tech giant opted not to inform users of data security breach in March
-
What is GDPR and will it affect you?In Depth The inbox-clogging legislation comes into effect on Friday
