The women oriented dating discussion app Tea has disabled its messaging system after a cybersecurity breach resulted in leakage of private direct messages.
Founded in 2023 by businessman and tech capitalist Sean Cook, the application uses artificial intelligence (AI) to authenticate the sex and gender of an individual through facial analysis and other personal information to preserve the app as a woman's only space.
But, this is not the first time that the app has been hit by a cybersecurity attack. Previously, the developers admitted that 72,000 images including 13,000 selfies with photo IDs were leaked.
As reported by independent researchers, the hackers were capable of accessing the private messages between users including sensitive discussions about abortions, infidelity, and personal phone numbers.
In the official statement, the company said: “We recently learned that some direct messages (DMs) were accessed as part of the initial incident. At this time, we have found no evidence of access to other parts of our environment.”
The company hasn't assessed how many messages were left exposed by the vulnerability yet but stated: “Working to identify any users whose personal information was involved and will be offering free identity protection services to those individuals.”
Earlier, Tea confirmed that 59,000 additional images from posts, comments, and DMs were visible to everyone due to breach. But the company confirmed that no email addresses or phone numbers were compromised and only data before February 2024 was affected.
Since the app serves as a platform where women can share intimate details about dating, the breach marks serious privacy concerns and safety risks. Mary Ann Miller, vice president of client experience at identity verification company Prove, warned that affected users should strengthen real world security measures like improved personal security, home cameras, and locks.
She said: “The average citizen puts more out there in a public-facing view that can put their safety at risk. And I think it’s time for all of us to think about that more carefully. Meanwhile companies should look for technology that utilizes other forms (besides) IDs to verify an identity”.