Credit: Ian Moore / Lifehacker Composite; Tea Dating Advice Inc.
Last week, the two-year social media application, TEA, which operates as a Yelp style platform where women can anonymously assess and review real men who cannot access the application or respond, have experienced an intense moment of virality that went back to the top of the most downloaded list on the Apple App Store. But in a few days, it was faced with a major data violation which disclosed old user data. And now there are reports from a second violation, and it’s even worse.
The application representatives said last week that the data that had fled were about two years old and that no information linked to users who joined more recently seemed to be included. But according to a new 404 Media report, the second foray has disclosed direct messages and other data from last week.
The second data violation included more recent information
According to the 404 Media report, an independent security researcher named Kasra Rahjerdi reported the second violation, noting “it was possible for pirates to access messages between [Tea] Users discussing abortions, cheating partners and telephone numbers they sent. “This violation seems to be a separate database, not the same as that of last week, and this database stored much more recent information.
In last week’s violation, the pirates could see and disseminate user verification images – including photos of driving licenses – which were submitted when women signed up to the service. At the time, a spokesperson for Tea Dating Advice, Inc. confirmed to me that the application “identified unauthorized access to one of the [its] Systems and immediately launched a complete survey to assess the scope and impact. “The initial results of this effort suggested:” The incident involved an inherited data storage system containing information more than two years ago. About 72,000 images – including approximately 13,000 selfie images and identification of photos submitted when checking the account and 59,000 images publicly visible in the application from publications, comments and direct messages – were consulted without authorization. “”
The representative added: “At present, there is no evidence suggesting that current or additional user data have been affected.”
Following this new information, I contacted tea today. The spokesman said they had no additional comments at the moment.
What the breach can mean
In his report, 404 Media clearly indicates that this security problem was noticed and reported by an independent researcher – but there is no way to know who else could have discovered it and not I took information to the media. The point of sale was able to confirm that the database included private and potentially sensitive information not only on the women who were discussing in the application, but the men they discussed. Some women have shared telephone numbers and private details of their interactions with men and have made accusations concerning the conduct of men. While TEA encourages users to create anonymous user names, 404 Media reported that it was not difficult to link at least some of the messages to real people.
What does this mean for users of the application? At this point, it is impossible to say if someone else has obtained a property of this information, or if he was downloaded anywhere online. But the accessible information is quite private and, since tea users are assured of the anonymity of the application, the news is naturally overwhelming for anyone can have shared intimate details using the application.
What you need to know about tea
If it is the first that you hear about tea, congratulations, because it means that you are not as online online as I am. I hope you had a good weekend doing all kinds of real activities. But you know very much, a little or nothing of tea, let me give you an overview of the unhappy application.
What do you think so far?
As indicated, tea is an application of social media in Yelp style that only women can join. To do this, users must send a verification photo which proves that they are a woman (although it is not yet clear how it works and what are the implications for LGBTQ + people or people not in accordance with the genre who may want to register). Once approved, users can search for men by name, find those they know and leave comments about them. Users can also simply add a “red flag” or “green flag” reaction to a man. The volume of red or green flags is intended to show any other woman in search, whether a good guy or a villain. Like a rotten score, there is very little room for the nuances here.
In theory, men cannot access the application, so they have no recourse if they are drowning in red flags and tea warnings. In fact, they may not realize that they have a page dedicated to the application on the application. It is notable, since tea announced that last week that it had received more than 2.5 million new requests to join the application – which means that a man’s profile is potentially visible for millions of women, if he even realizes that he exists.
Admittedly, you might say that if someone does not want to be marked a “man of the red flag”, he should act more as a “Green Flag Man”. But the absence of any type of regular procedure could certainly lead to major reputation damage to men who can deserve it or not. Although the application slogan is “to go out with women safely” and he announces that users can “Run the record checks”, “Identify potential catfish” and “check that it is not a sex offender”, among others, the ability to leave comments anonymously on men is a major draw – and, if it is harmful to defam someone who does not deserve it, a major drawback.
I certainly recognize that the warning of the women of the attackers, violent men and cheaters is a good thing to do And Note people anonymously and not have to provide proof of the accusations that you publicly bring against them is potentially a very bad thing.
And undoubtedly, the fact that thousands of photos of women and private messages have been stored so precarious by tea that they have been exposed in several data violations is certainly a very bad thing. No one wins here.
