Messages leaked from dating advice app 'Tea'

The dating advice app 'Tea,' which drew outrage from some internet users for its overly explicit nature and then caused a controversy when users' photos leaked, has now leaked messages as well. The researcher who found the issue says that it was easy to spy on private conversations and to identify individuals from the message content.
A Second Tea Breach Reveals Users' DMs About Abortions and Cheating
Tea, a dating advice app for women, was popular as a social networking site where users could share photos and names of men and chat with them. However, the database storing the IDs and selfies submitted to prove their identity was not encrypted, and was discovered by internet users, resulting in the leak of approximately 72,000 photos of users' faces.
Hackers from 4chan broke into Tea, an app where women anonymously post photos of men and talk about them, exposing 72,000 images, including 13,000 selfies for authentication, sparking a massive outrage - GIGAZINE

Security researcher Kasra Rajadi, who investigated the case and shared the information with technology outlet 404 Media, said that it was possible to spy on not only images but also the content of messages.
According to Rajadi, Tea users could use their API keys to access the database and spy on private messages that should only be visible to the two parties involved.
Rajadi said he actually had access to over 1.1 million private messages, adding that individuals could easily be identified.
The messages included images of men pointing to one another and saying, 'I'm this man's wife,' a woman claiming to be the man's fiancee communicating with other women, and exchanges between women who were found to be in relationships with the same man.

Tea uses anonymous IDs rather than real names, but users gave their real names in messages or published usernames and phone numbers for other social networking sites, which could potentially identify individuals.
Immediately after the leak occurred, Tea explained that the leaked images had been stored several years ago, and told recently registered users that the incident was not related to them. However, since the messages discovered this time included ones from as recently as one week ago, the impact is likely to be more widespread.
404 Media reviewed the message and attempted to create a new account using the username included in the message. The attempt failed because the username was already in use, which led them to conclude that the message was likely genuine. They also noted that 'it's possible that other users besides Rajadi may have found the message.'

The impact of the image leak, which began on the online message board 4chan, has been unstoppable, leading to a wide range of actions, including creating publicly accessible databases of users' photos and driver's licenses, mapping users' addresses, and even creating a copy of Facemash, a women's rating site that could be considered a precursor to Facebook.
A Tea spokesperson said, 'We responded swiftly to prevent the incident from escalating and have launched a full investigation in collaboration with an external cybersecurity firm. We have also contacted law enforcement, who are assisting us in their investigation. As this investigation is in its early stages, we are unable to provide any additional information at this time.'
in Web Service, Security, Posted by log1p_kr