Subj : The Tea App Breach - 60GB of Personal Info To : All From : LundukeJournal Date : Fri Jul 25 2025 22:45:07 The Tea App Breach - 60GB of Personal Info Date: Fri, 25 Jul 2025 21:42:03 GMT Description: Selfies, Drivers Licenses, & Locations. All made publicly available by the developer. FULL STORY ====================================================================== The Tea App an online dating app marketed as a dating tool that protects women has been hacked. And a lot of data has been exposed. An extreme amount. Not the first major breach this year. And it certainly wont be the last. First published over on 4Chan (of course), the hack of Tea App wasnt even really much of a hack. The developers of Tea App apparently simply left the user data open for the world to download at their leisure. And Tea App was becoming pretty popular which means roughly 60 GB of user data was made available before the developers finally thought about locking things down. What kind of data was made publicly available because, presumably, the developers simply didnt think about security much by this Tea App Hack? Selfies. Drivers licenses. All manner of private information which will, no doubt, be exploited by unscrupulous types over the days to come. Even worse meta data appears to have been preserved on uploaded photos. Meaning that many of the user selfies included location data (in addition to the address on the drivers license). Which said unscrupulous types have already begun using to create maps of Tea App users. The developers of Tea App have put out a statement which says 59,000 images used for account verification were made available (read: Government ID). Which would already be catastrophic however a quick look at details of the data (including the file size alone) would suggest that number could be much, much larger. Here is the full statement from the developer: Which brings us to an important lesson which we as humans never seem to learn: If user data is stored, it will get hacked. Its simply a matter of time. There are currently close to 15 Billion (with a B) accounts listed on Have I Been Pwned . And those are simply from hacks and breaches which were reported to that one website. The reality is, the vast majority of hacks and data breaches are never made publicly known. Either by the people doing the hacking, or by the company / government which got hacked. As systems continue to grow ever more complex and interconnected and more systems become AI-developed (aka Vibe Coded) these hacks and breaches become easier to pull off. Combine that with the ever-expanding quantity of data and the growing number of services storing it and we are quickly reaching a point where everyone will have at least some of their data breached at some point. For some people it will happen regularly. Repeatedly. And those will just be the breaches we find out about. The only way to minimize the damage of such hacks & breaches is to minimize the amount and type of data stored, long term, by a service. Need pictures of government ID for age verification? Delete that picture immediately after verification. Need payment and shipping information? Delete all of it immediately after payment is processed and shipment is verified. Need location data (GPS, IP, etc.)? Delete it immediately once done with it. You get the point. Unless a piece of personal data is absolutely 100% necessary, delete it. Its hard for a hacker to obtain files that arent there. ====================================================================== Link to news story: https://lunduke.substack.com/p/the-tea-app-breach-60gb-of-personal --- Mystic BBS v1.12 A47 (Linux/64) * Origin: tqwNet Technology News (1337:1/100) .