- Tea is a popular ‘dating safety tool’ that has just suffered a data violation
- 72,000 images related to the application were involved, some of which were user photo ID
- There is an ongoing investigation, but the obvious concern here is the theft of potential identity for those whose images were exhibited
Tea is a popular mobile application designed as a ‘dating safety tool’ to protect women and has existed since 2023.
Its full name is the tea dating council, and the central idea is an application only for women that gives those who are dating the ability to access the background verifications to men. This includes whether they have a criminal record (or if they are sexual criminals), as well as an inverse search of images to identify cat fishing (assuming a false identity online).
At the end of last week, as NBC News reported, TEA admitted that it had suffered a data violation in which the intruder agreed to 72,000 images.
That included 13,000 images (selfies and photo id) sent by users during the account verification. The other 59,000 images were also provided by users and “publicly visitable” in publications (and direct messages) in the application.
As TEA acknowledged on his Instagram account, these images were stored in a ‘archived data system’ and the firm said that any user who was recorded for tea during or after February 2024 will not be affected. In other words, these are old data filed on a server that only refers to previous publications and accounts before that date.
The company made it clear that the photos “in no way cannot be linked to publications within tea.”
A ASD spokesman told NBC: “These data were originally stored in accordance with the application requirements related to cybercuting prevention.”
NBC reported that the trick can be connected to 4chan, with a 4Chan poster that supposedly allows you to download the stolen image database on that platform. It is also said that the alleged identification photos of tea users have also been published in some social media, but obviously, it exercises caution around such reports.
TEA said he has more than four million users in total, and became the best free application in Apple’s application store in the United States last week (after having won a million new members).
TEA said he is carrying out an ongoing investigation into the security incident, which includes experts in external cybersecurity, and that he has notified the police in the United States.
Do you think you’ve been affected by this violation? If so, what should you do?
The key point to remember here is that if it was more recently recorded for tea, it should not be affected by this violation. As noted, the impact only extends to a file server and members that joined before February 2024.
At least that is according to what we know of the investigation so far, and the apparent scope of the violation, so the warning is that we assume that the ongoing research will not reveal anything else.
The other important point to remember here is that only the images were accessed, according to TEA, and there are no personal data related to members, such as email addresses or telephone numbers.
However, the worrying part about the data to which it was accessed is that some of them contain official identifications (and selfies) that could be used for identity theft. It is worth noting here that TEA also clarifies (in an official statement marked by USA Today) that no longer requires an official identification to register and dispensed with that requirement in 2023.
If you joined TEA before February 2024 and provided an identification of the government for the registration process, then the latter could have been exposed. There is no clear way of knowing that at this point, but it is safer to assume that its identification (or other images) may have leaked online.
That means that this information could end in the hands of a bad actor, unfortunately, but it is difficult to say if that will happen for sure or in fact knowing if it is. does happen.
What you can do for now as an obvious first line of defense is to monitor your finances (bank accounts and credit card extracts), observing any irregularity. With all honesty, this is something you should do anyway, since fraud is always a danger present these days with a growing number of scams (together with data violations like this).
Another proactive movement is to register in one of the best credit monitoring services, and the good news is that you can get this for free (from Experian).
What these services do is be attentive to their personal data (for example, a stolen identification) that is used online in suspicious circumstances, calling these incidents to their attention, so that it can be aware of anything potentially lower before it occurs. There are also full identity theft protection suites, also for a more comprehensive level of protection.
You may also like …
