A popular women’s dating safety app, Tea, has been hit with a data breach exposing users’ personal information. Users from the 4chan forum have discovered an exposed database hosted on Firebase, claiming to be sharing sensitive details such as selfies and uploaded identification documents. The vulnerability allows anyone to access this information without authentication.
Tea confirmed that some direct messages were affected by the breach but stated that the data is from two years ago. The app has gained significant popularity recently, reaching the top of the App Store charts and garnering tens of thousands of reviews. To enhance user safety, Tea requires new users to upload a selfie for verification purposes.
However, this security measure appears to have backfired as the exposed database reveals that users’ faces and identification documents can be accessed publicly. The 4chan post highlighting the vulnerability reads: “It’s a public bucket… DRIVERS LICENSES AND FACE PICS! GET THE FUCK IN HERE BEFORE THEY SHUT IT DOWN!”
Source: https://www.404media.co/women-dating-safety-app-tea-breached-users-ids-posted-to-4chan