Hack Reveals Personal Conversations, Phone Numbers on Women-Exclusive App Tea

Uncategorized Mihnea


A few days following a significant leak of user images and locations due to an apparent breach of archived app data, the women-exclusive safety application Tea is confronting a more extensive data exposure than initially disclosed. In addition to the leak of thousands of user verification images and personal identification, which were misused on platforms like 4Chan, the app’s security vulnerabilities have allowed hackers to gain access to private communications among users. An independent security researcher, validated by 404Media, accessed conversations from a secondary database, including sensitive information such as phone numbers, discussions about intimate relationships, and abortion conversations.

The researcher, Kasra Rahjerdi, also accessed back-end application functionalities, including sending mass push notifications to users’ devices. They informed 404Media that the second vulnerability persisted until late last week, coinciding with the initial hack announcement.

In a statement on Friday, Tea responded to the first database breach, asserting that no current user information was compromised. In a follow-up to 404Media, Tea mentioned: “We are diligently working to mitigate the incident and have initiated a comprehensive investigation with external cybersecurity firms. We have reached out to law enforcement and are cooperating with their inquiry. As our investigation is in its preliminary stages, we lack further information to provide at this moment.”

The Tea application gained traction following controversy over its purported “man-shaming” nature. Prior to the breach, some users expressed worries about the app’s data retention methods, while others advocated for the necessity of women-only online spaces for safety.

However, as discussions about the app’s efficacy intensified, online individuals capitalized on its security flaws to target its female user base. Soon after the initial breach report, hackers exploited geolocation data from the legacy database to doxx users, who were promised anonymity to share alerts about men. A nationwide map of Tea users’ locations was constructed, and personal images were extracted to mock users in public forums. Some even developed copycat applications for men to discuss intimate aspects of women’s bodies.