
New hack of women-only app Tea exposes personal chats, phone numbers


Just days after thousands of user images and locations were leaked in an apparent hack of archived app data, women-only safety app Tea is weathering data exposure at an even larger scale than first reported.

In addition to exposing thousands of user verification images and personal IDs, which were later abused by users on platforms like 4chan, the app's recently discovered security flaws make it possible for hackers to access private messages between users. An independent security researcher, verified by 404Media, was able to pull conversations, sent as recently as last week, from a second database; they included sensitive information like shared phone numbers, conversations about intimate relationships, and discussions of abortion.

The researcher, Kasra Rahjerdi, also obtained access to back-end app features like the ability to send mass push notifications to users' devices. They told 404Media that the second vulnerability existed until late last week, around the time the initial hack was reported.

In a statement given on Friday, Tea said it was addressing the first database breach and that no current user data had been exposed. In a follow-up statement to 404Media, Tea wrote: "We are continuing to work expeditiously to contain the incident and have launched a full investigation with assistance from external cybersecurity firms. We have also reached out to law enforcement and are assisting in their investigation. Since our investigation is in its early stages, we do not have more information we can share at this time."

The Tea app recently shot up in popularity, following viral controversy over its existence as an alleged "man-shaming" app. Prior to the breach, some users were concerned with the app's storing of personal information (including that of both users themselves and the men they discuss), while others supported the need for women-only spaces online to share stories and protect each other's safety.

But while debate about the app's efficacy flared, online users took advantage of the app's vulnerable security system to target its female user base. Shortly after the first breach was reported, hackers seized geolocation information stored in the legacy database to explicitly doxx users, who are promised anonymity upon making an account in order to more comfortably share warnings about encounters with men, and have since created a nationwide map with the locations of Tea users. Others pulled personal images from the database in order to ridicule users' appearance in public forums, while a few created copycat apps designed for men to discuss intimate details of women's bodies.



from Mashable https://ift.tt/FT0i5Yc
via IFTTT
