Women-only dating safety platform Tea had a new database with 1.1 million private messages since 2023 exposed following the leak of its misconfigured Firebase storage bucket with more than 59 GB of data, including 72,000 images from individuals who have used the app before 2024, BleepingComputer reports.
Users of the Tea app were noted by cybersecurity researcher Kasra Rahjerdi to leverage their proprietary API keys to access information within the second database, which could then be used to determine the app's other users, according to a 404 Media report. Investigation into the additional data leak is already being conducted alongside law enforcement, said Tea, which has also moved to take down the impacted system. "At this time, we have found no evidence of access to other parts of our environment... Our team remains fully engaged in strengthening the Tea Apps security, and we look forward to sharing more about those enhancements soon. In the meantime, we are working to identify any users whose personal information was involved and will be offering free identity protection services to those individuals," Tea added.
Users of the Tea app were noted by cybersecurity researcher Kasra Rahjerdi to leverage their proprietary API keys to access information within the second database, which could then be used to determine the app's other users, according to a 404 Media report. Investigation into the additional data leak is already being conducted alongside law enforcement, said Tea, which has also moved to take down the impacted system. "At this time, we have found no evidence of access to other parts of our environment... Our team remains fully engaged in strengthening the Tea Apps security, and we look forward to sharing more about those enhancements soon. In the meantime, we are working to identify any users whose personal information was involved and will be offering free identity protection services to those individuals," Tea added.
