A dating application, tea, which was created to share private information has been raped – twice. We learn more about the user information that has been hacked.
Ailsa Chang, host:
So what is tea? Well, tea is actually a new dating application, not to go out exactly, but for women to share information anonymously on men in their dating pool, let’s say, signal a bad or dangerous behavior that they have known with these specific men. The application became very popular very quickly, which made him quite unpopular with those who felt him invade their intimacy. But the real tea on tea is that it was hacked. Last Friday, the company said that data violation had exhibited tens of thousands of images, including many user selfies, and security problems continued to grow this week. Joseph Cox is one of the journalists who broke up history. He is co-founder of the 404 Media website. To welcome.
Joseph Cox: Thank you very much for doing me.
Chang: So I understand that there have now been two separate data violations. What happened here?
Cox: Yes, it’s true. So the first occurred on Friday. My co-founder, Emanuel Maiberg, obtained a council that all this data from the TEA application was published on 4CHAN, the famous troll forum which was behind all kinds of harassment of people over the years, if not decades now. We therefore find, of course, a bunch of selfies and driving license for displayed people. We then work to verify that these really come from tea applications users, and I determine, yes, this data is legitimate.
Chang: Ok. And to be very clear, it is selfies and driving licenses of women mainly who posted on the application of tea on men.
Cox: Yeah. So when you use the tea application, when you go through the registration process, you need to take a selfie to prove that you are a woman.
Chang: And you said that in addition to selfies and driving license images, there are instantaneous cats between women using this application.
Cox: Yes. We therefore received another advice according to which there was essentially a second violation which, in my mind, was in fact even more sensitive. A security researcher found that it was possible to obtain essentially all direct messages sent through the application. We have dug the content to see how sensitive it was, and I really can’t overestimate how delicate these messages are. There are women who talk about abortions, speaking of deceiving little friends. These are really, really sensitive conversations. But we found that it was trivial to unmask many women here because they exchange phone numbers because they of course want to discover, well, does my boyfriend cheat on me?
Chang: Absolutely. And what do people do with this online information since their hacking?
Cox: So, at the beginning, out of 4chan, people made fun of certain women using the application. But beyond that, some people have even made a kind of classification website where it will show you two photos of women included in the database, and you are then asked to classify them on perceived attractiveness.
Chang: You know, I think of other online platforms, because many oblige users to share more information on themselves in order to create an account – like a driving license, like a selfie – because these platforms try to limit spam and false accounts. But do you think that these types of steps really make people more vulnerable to data violations?
Cox: Yes, absolutely. And I reported a data violation in an identity verification company that was hired by companies such as X and Tiktok and Uber, and they were raped, and driving licenses were also stolen. So it really creates a new risk platform for people when they just try to browse the World Wide Web.
Chang: scary. Joseph Cox is the co-founder of the 404 Media website. He also hosts “the Podcast 404 Media”. Thank you so much.
Cox: Thank you very much.
Chang: And we contacted tea to comment on this story. In a statement, a spokesperson told us that the company had taken the systems accessible by offline hackers during its survey and endeavors to provide affected users with free identity protection services.
(Soundbite of Gotye Song, “Somebody that I used to know”)
Copyright © 2025 NPR. All rights reserved. Visit the pages of use of the conditions of use of our website on www.npr.org for more information.
The accuracy and availability of NPR transcriptions may vary. The transcription text can be revised to correct errors or match audio updates. Audio on npr.org can be published after its original broadcast or publication. The file authorizing the NPR programming is the audio recording.
