One of the world’s most popular dating apps has suffered a data breach exposing selfie images of 13,000 users, it has emerged.
Tea, which describes itself as offering “dating safety for women,” said the incident occurred on Friday morning, local time.
After identifying unauthorized access, the app company said it “immediately launched a full investigation with assistance from external cybersecurity experts to understand the scope and impact of the incident.”
It continued: “A legacy data storage system was compromised, resulting in unauthorized access to a dataset from prior to February 2024. This dataset includes approximately 72,000 images, including approximately 13,000 selfies and photo identification submitted by users during account verification and approximately 59,000 images publicly viewable in the app from posts, comments and direct messages.”
Read more on dating app risks: Global Dating App Users Exposed in Multiple Security Snafus.
The app has rocketed to the top of the iOS App Store charts recently after being launched in 2022 by software engineer, Sean Cook, in response to his mother’s troubling experiences of online dating. It provides women with a safe space in which to share information on potentially dangerous men they’ve encountered, and flag positive experiences and behaviors.
The breach occurred despite the app promising to “immediately” delete any selfies or photo ID shots used to authenticate users when joining.
Tea said the incident impacted users that had joined before February 2024, and that the selfies had originally been “archived in compliance with law enforcement requirements related to cyber-bullying prevention.”
It added: “At this time, we have no evidence to suggest that photos can be linked to specific users within the app.”
The breach did not include any user email addresses or phone numbers, Tea confirmed.
“In certain instances, exposures occur due to preventable misconfigurations or lapses in standard security practices — things that are within an organization’s control and can happen to anyone,” argued DefectDojo CEO, Greg Anderson. “To avoid these types of breaches, companies can update their employee cybersecurity training, increase their exposure scanning, and take other in-depth protections.”
Tea said it is still working to determine the full nature and scope of the incident and will provide more updates going forward.
No tags.
