Tea Dating App Leaks 72,000 User Photos and IDs In Major Breach - 1

Image by Vardan Papikyan, from Unsplash

Tea Dating App Leaks 72,000 User Photos and IDs In Major Breach

  • Written by Kiara Fabbri Former Tech News Writer
  • Fact-Checked by Sarah Frazier Former Content Manager

A serious data breach has hit Tea, a women’s dating safety app that recently reached the top of the App Store.

In a rush? Here are the quick facts:

  • Tea app leaked 72,000 user images, including selfies and photo IDs.
  • The breach was caused by an unsecured Firebase database.
  • Hackers posted sensitive data on 4chan, including private messages.

Hackers on 4chan accessed an exposed database from Tea, and later started sharing online users’ selfies and ID photos, as first reported by 404Media.

The breach was possible due to an unsecured Google Firebase database used by Tea. “Yes, if you sent Tea App your face and drivers license, they doxxed you publicly! No authentication, no nothing. It’s a public bucket,” read a 4chan post, reports 404Media .

It added, “DRIVERS LICENSES AND FACE PICS! GET THE FUCK IN HERE BEFORE THEY SHUT IT DOWN!”

Tea confirmed the breach to 404 Media, saying it affected older data from more than two years ago and included 72,000 images, 13,000 selfies and photo IDs, and 59,000 other images from posts and messages.

“This data was originally stored in compliance with law enforcement requirements related to cyber-bullying prevention,” the company explained.

The leaked data also includes direct messages. 404 Media verified the exposure by decompiling the Android app and locating the same storage URL shared on 4chan.

“The images in the bucket are raw and uncensored,” one user wrote. Others on 4chan even created scripts to automatically collect the leaked data.

The verification process for Tea requires users to upload both a selfie and ID picture to confirm their female identity before joining the platform. The platform enables women to share anonymous warnings about men through a system that functions like “Are We Dating the Same Guy?” Facebook groups.

After discovering the breach, Tea stated it is working with cybersecurity experts and said in an email to 404Media that , “Protecting our users’ privacy and data is our highest priority.”

404Media notes that the original 4chan thread has since been taken down, but archived versions continue to circulate.

Over 300 U.S. Firms Targeted By North Korean Job Scam - 2

Image by freestoks, from Unsplash

Over 300 U.S. Firms Targeted By North Korean Job Scam

  • Written by Kiara Fabbri Former Tech News Writer
  • Fact-Checked by Sarah Frazier Former Content Manager

An Arizona woman was sentenced to over eight years of prison for helping North Korean hackers.

In a rush? Here are the quick facts:

  • Hackers used stolen U.S. identities to get remote jobs at 300+ companies.
  • The scam funneled millions of dollars back to North Korea.
  • The FBI seized 90+ laptops and linked them to fake workers.

The hackers used the woman’s help to pretend to be American workers and secure remote job positions at over 300 U.S. companies. The fraud, reported by ArsTechnica , funneled millions of dollars back to North Korea.

ArsTechnica reports how Christina Chapman operated a “laptop farm” from her home. She received corporate laptops which North Korean operatives used to pretend they worked as U.S.-based remote employees.

Whilst logging in from China and North Korea, the operatives used VPNs and AnyDesk remote software to access devices, participate in Zoom meetings, and received paychecks.

ArsTechnica reports that Chapman admitted to sending I-9 forms and occasionally shipping equipment to a Chinese city near the North Korean border. She explained to the judge that she accepted the position to support her mother during cancer treatment while believing she was helping others.

She wrote , “the area where we lived didn’t provide for a lot of job opportunities that fit what I needed. I also thought that the job was allowing me to help others. ”

She also apologized, thanking the FBI for catching her and expressing plans to start an underwear company and publish books after prison. But authorities said the damage was real.

ArsTechnica reports that one identity theft victim described the emotional toll in court:

“Although identity theft is not a physical assault, the psychological and financial damage is lasting. It feels like someone broke into my life, impersonated me, and left me to pick up the pieces. There is a lingering fear that my information is still out there, ready to be misused again.”

The FBI discovered more than 90 laptops at Chapman’s residence, which included identification notes for each fake worker. ArsTechnica reports that Chapman received a 102-month prison sentence and must surrender $284,999 and pay back $176,000.