The company said the data that was stolen was originally archived as a compliance measure due to what it claimed were “law enforcement requirements related to cyberbullying prevention.” A spokesperson declined to respond to several followup questions about the specifics of the data storage tool used, whether the hacker reached out with a ransom and more. “Approximately 72,000 images – including approximately 13,000 images of selfies or selfies featuring a photo identification submitted during account verification and 59,000 images publicly viewable in the app from posts, comments and direct messages – were accessed without authorization,” the company said. Many of the app’s users were incensed online because on the app page asking for personal images, the company pledged to delete them once a verification process is completed. Cybercriminals began sharing thousands of stolen driver’s license photos this weekend after hackers breached storage tools used by a popular app for women called Tea. Concern grew on Friday when online communities antagonistic to women and the mission of the app descended on platforms like 4chan and X to announce the theft of Tea user data. The situation escalated on Saturday and Sunday, when some online began collating the data and using the state IDs to map out the location of Tea’s users. One 4chan post claims user verification submissions were stored in a public Firebase storage bucket that did not require authentication. Company officials confirmed reporting from 404media that someone gained unauthorized access to one of the app’s systems early on Friday morning. Some users were traced back to U.S. Army bases and before long, batches of the data appeared on cybercriminal forums.
This Cyber News was published on therecord.media. Publication date: Mon, 28 Jul 2025 13:35:32 +0000