The women-only dating safety app Tea has suffered a major cybersecurity incident, with hackers gaining unauthorized access to roughly 72,000 user images, including 13,000 sensitive selfies and identification documents used for account verification.
The breach, which represents one of the most severe data exposures in the dating app ecosystem, has raised critical concerns about biometric data protection and authentication security protocols within social platforms targeting vulnerable user demographics.
Key Takeaways
1. Tea dating app exposed 72,000 user images, including 13,000 selfies and ID images.
2. Only pre-February 2024 users were affected.
3. The company hired cybersecurity experts while gaining 2 million new user requests.
Dating App Tea Exposes Selfie Images
404 Media reported that the cyberattack exploited vulnerabilities in Tea’s data storage infrastructure, allowing malicious actors to bypass access control mechanisms and extract a substantial amount of personally identifiable information (PII).
The compromised data includes 13,000 selfies and photo identification documents submitted through the app’s multi-factor authentication (MFA) verification process, alongside 59,000 additional images from user posts, comments, and direct messages.
Tea’s cybersecurity response team has engaged third-party penetration testing specialists and incident response experts to conduct forensic analysis and implement security hardening measures.
The company confirmed that its encryption protocols for email addresses and phone numbers remained intact, preventing exposure of contact information through SQL injection or cross-site scripting (XSS) attacks.
However, the breach affected users who registered before February 2024, suggesting the vulnerability existed within legacy database architecture and API endpoints that may have lacked adequate input validation and secure coding practices.
The incident has generated widespread concern, given Tea’s mission statement, which emphasizes women’s dating safety, and its zero-knowledge architecture, designed to protect user anonymity, according to the report.
The app operates on a crowdsourced review system similar to Yelp, where verified female users submit anonymous reviews of male dating prospects through blockchain-based identity verification.
Following the 404 Media investigation that first exposed the breach, Tea’s user base has, unusually, grown, with over two million new registration requests submitted within days of the security disclosure.
The company has implemented emergency patch management procedures and enhanced intrusion detection systems (IDS) to prevent future data exfiltration attempts while maintaining its GDPR compliance framework and end-to-end encryption standards for ongoing user communications.