Women’s ‘red flag’ app Tea is a privacy nightmare

Apply a designer to help women discover “red flags” for men who put their users in danger. 404 media It was reported that the tea was hacked by 4chan users last week, which led to personal photos and driver’s licenses for most of them are their users who are published in 4chan. Independent researcher for 404 media Since then, he discovered that messages between users who discuss marital infidelity, miscarriage and personal phone numbers are also vulnerable to infiltrators.

The Software Developer Tea was established, which he said was an inspiration to create an unknown whispering network after he witnessed his mother’s dating experiences with men. It was also very influenced by the emergence of the groups “Do we get to know the same man”, and works in a similar model of anecdotal warning devices about men. The application increased in popularity on the first place in the Apple App Store last week. Tea claims to have more than 4 million active users.

On July 25, 72,000 photos were hacked – including 13,000 personal photos and driver licenses, as well as 59,000 photos, posted on the application – with many of them download and publicly posted on 4chan. 4chaan users initially published pictures of four licenses for the exit of women, which leads to the revision of some personal information, but the storm of comments on the topic indicates that thousands of photos were downloaded before the company was aware of the rag. Tea said 404 media It launched a “full investigation with the help of external cybersecurity companies”, and that he was working with the application of the law “to help” achieve them.

TEA was storing its sensitive users’ information on Firebase, a Google -owned cloud service and a cloud service. Since 2023, tea no longer requires users to send pictures of their knowledge for verification purposes. While the company initially insisted that the penetration only affected the “Legacy” database and the users who registered before February 2024, according to the independent researcher and TOVE DATA, which was reviewed by 404 mediaTea is still unsafe, and the original penetration range exceeds, and the special messages sent late last week are accessible and exposed to more exposure.

Since increasing tea in its use among women, it has drawn angry criticism and among the alleged “men’s rights” groups online.

Men who discovered that they appeared on the application and described it as a “toxic” network. Some will go virus on Tiktok and X, claiming that the assurances that were made around them are completely incorrect. “The issue is that people (women in particular) will not see this represents a problem until the male version of the application is created. I deserve to know the history of diseases transmitted with sexual intercourse, the number of body, etc.,” says a higher classified comment on a subject in Subredit R/Menrights. A revenge app that includes women was created shortly, called Teaborn, but it was immediately lowered after reports of users who publish porn for revenge.

Many experts described the privacy of cybersecurity and the data of TEA storage methods, which led to the initial penetration and frank neglect.

“This data was originally stored in compliance with the law enforcement requirements related to the prevention of electronic bullying,” and the company initially called in the statement submitted to 404 media.

Peter Dardal, a professor of networks online and security at Liwala University at Chicago, said, said Peter Dardal, Professor of Internet and Security at Liwala University in Chicago, said. freedom He believes that the company’s statement – was in compliance with the law – “misleading”, and that the company could have done more to prevent this cybersecurity nightmare. “[The statement] Disturbing on two charges: First of all, the application of the law does not specify the requirements; This is the function of congress and the legislative bodies of the state. “There was no legitimate legal need to keep these pictures, the Internet should not be accessed at all; it is clear that it is not necessary for the activity of the normal site,” Dordal said.

Dordal added that although it is common for user data to be stored in the cloud, tea should have taken measures to ensure that it cannot be accessed by the public. Tea terms and their provisions also claim that they delete user data after verification, which apparently failed.

“TEA definitely had neglected security practices if the current reports were correct,” said Grant Ho, an assistant professor at the University of Chicago looking for computer security. “The company should never host the user data on an accessible server to the public, and at least, encrypted data should have been stored.”

Andrew Gutry Ferguson, a law professor at George Washington University and an expert in monitoring huge data, notes that the whisper network is no longer protected like a real whisper network that can be when it works in a non -communication mode. Your data is no longer in your control.

“What changes when it is digital, refundable, rescue and search is to lose control,” said Ferguson. “You cannot keep it within the limits of the people you trust.”