72,000 Images Leaked From Dating-Safety App in July Breach
A women-only app intended to enhance safety for online dating users suffered a breach this month that leaked 72,000 images, including 13,000 selfies with identifying information, a law firm investigating the breach said Friday. Edelson Lechtzin is investigating the breach of the Tea app for a potential class-action on behalf of victims.
Sign up for a free preview to unlock the rest of this article
Privacy Daily provides accurate coverage of newsworthy developments in data protection legislation, regulation, litigation, and enforcement for privacy professionals responsible for ensuring effective organizational data privacy compliance.
404Media reported the breach Friday. Later that day, Tea posted a statement on its website, saying it detected "unauthorized access to [its] systems and immediately launched a full investigation with assistance from external cybersecurity experts" the same day.
Tea's statement said "a legacy data storage system was compromised," so only users who registered prior to February 2024 were impacted. In addition to the 72,000 images and selfies, exposure included "approximately 59,000 images publicly viewable in the app from posts, comments and direct messages," though no emails or phone numbers were accessed.
The leaked images were "stored in accordance with law enforcement requirements related to cyber-bullying investigations," Tea said, adding it was working to secure its systems and determine the full scope of the incident.
Edelson Lechtzin said "names, birth dates, addresses, driver's license numbers, and other sensitive personal information" may have been exposed. Neither the law firm nor Tea reported the number of users affected in the breach. Tea's homepage indicates it has nearly 5 million members.
In a blog post, Troutman Amin privacy law clerk Tammana Malik noted that Tea says in its privacy statement that it has reasonable security measures for protecting users' personal information from data breaches.
For example, "Tea’s privacy policy, which was last updated in 2022, explicitly states that these photos are 'securely processed and stored only temporarily and will be deleted immediately following the completion of the verification process,'” she blogged. However, "this claim seems to be directly contradicted by the leaked dataset, which reportedly contains information from 'prior to February 2024.'”
Malik also said "that the Tea app has been a source of contention for some men, who claim it can be a source of misinformation and lead to violations of their privacy." She cited posts on Reddit and 4chan calling for "a hack and leak of women’s data from the app."
"Adding to the concern, rumors and pictures are currently circulating among X app users, suggesting that an interactive map with the leaked locations of women from the security breach exists," said Malik. "However, according to Tea’s statement, no email addresses or phone numbers were accessed."