RamsayBolton
Superstar
https://www.404media.co/women-dating-safety-app-tea-breached-users-ids-posted-to-*****/
Tea, which claims to have more than 1.6 million users, reached the top of the App Store charts this week and has tens of thousands of reviews there. The app aims to provide a space for women to exchange information about men in order to stay safe, and verifies that new users are women by asking them to upload a selfie.
“Yes, if you sent Tea App your face and driver's license, they doxxed you publicly! No authentication, no nothing. It's a public bucket,” a post on ***** providing details of the vulnerability reads. “DRIVER'S LICENSES AND FACE PICS! GET THE fukk IN HERE BEFORE THEY SHUT IT DOWN!”
The thread says the issue was an exposed database that allowed anyone to access the material. While reporting this story, a URL the ***** user posted included a voluminous list of specific attachments associated with the Tea app. 404 Media saw this list of files. In the last hour or so, that page was locked down, and now returns a “Permission denied” error.
404 Media verified that Tea does contain the same storage bucket URL that ***** claims was related to the exposure. 404 Media did this by downloading a copy of the Android version of the app and decompiling its code.
The ***** post includes a photo of four women’s drivers’ licenses that the ***** user said they redacted. But comments in the ***** thread indicate that many more photos of Tea users have been exposed, with one person claiming they have downloaded thousands. We’ve also seen ***** users share dozens of photos of women they claim they downloaded from the database, which all share the same image dimensions and file naming format we saw in the file list in the exposed Google Firebase bucket. 404 Media did not load any images from the database itself.