A dating app has been going viral lately (you have probably seen it on X), it"s called "Tea," and it lets women anonymously post pictures of men to share dating "red flags."
The app"s marketing claims this is all for "safety," and you can see it on the company"s website, where it states its mission is "to create a safer dating environment for women." In case you"re confused and need a visual explanation, the following image pretty much sums it up (click to enlarge):
Tea has been around since 2023, but the surrounding controversy helped its recent rise to the top of the app charts. Now the platform has suffered its first notable breach courtesy of users from 4chan.
This breach stemmed from a classic, sloppy development mistake. The Tea developers left a backend database wide open on Google"s Firebase platform. Firebase allows for quick development, but its default security settings can be disastrously permissive if they are not locked down before an app goes live.
Data in Firebase is stored in things called "buckets," which are just cloud storage folders. The leaked bucket in Tea"s case contained the exact verification data the app requires from its users: selfies and ID photos, which it needs to confirm that users are women.
It did not take long for users on 4chan to find this open door and walk right in. One user claimed, "Yes, if you sent Tea App your face and driver"s license, they doxxed you publicly!" Another user claimed they downloaded as many as 3000 images before they got rate-limited by the server.
They described the trove of personal information as being "raw and uncensored." As per the Terms of Use (via 404Media) before you sign up for Tea, apart from selfie and ID photos, you are required to submit your location and birth date. All of this was reportedly accessible.
404 Media says that for a while, anyone with the right URL could view a list of user files. That page has since been locked down and now returns a "Permission denied" error, likely because the developers finally became aware of the leak.
Tea has stellar reviews on both the Play Store and the App Store from users who see it as a more secure version of the "Are We Dating the Same Guy?" Facebook groups.