Tea app takes messaging system offline after second security issue reported

Tea a dating discussion app that in the past few days suffered a high-profile cybersecurity breach broadcasted late Monday that a few direct messages were also accessed in the occurrence The app designed to let women safely discuss men they date rocketed to the top of the U S Apple App Store last week but then proven on Friday that thousands of selfies and photo IDs of registered users were exposed in a digital shield breach Media was the first to summary on this second assurance issue citing an independent defense researcher who identified it was manageable for hackers to access messages between users discussing abortions cheating partners and phone numbers In a declaration posted on its social media accounts Tea announced it in the past few days learned that particular direct messages DMs were accessed as part of the initial occurrence Out of an abundance of caution we have taken the affected system offline the app revealed At this time we have identified no evidence of access to other parts of our context It is as of now unknown how several messages were left exposed by the vulnerability Tea announced it is working to identify any users whose personal information was involved and will be offering free identity protection services to those individuals The company announced Tuesday it will share more information as it becomes available Because of the nature of the app which allows women to anonymously discuss sensitive information about the men they date users may be particularly vulnerable to malicious actors who try to expose their real-life identities Mary Ann Miller vice president of client experience at identity verification company Prove stated the women who may have had their information compromised should consider making sure they have real-life safeguard precautions in place such as cameras locks and common sense things that you and I think about to be safe and secure in our own home The average citizen puts more out there in a public-facing view that can put their safety at liability And I think it s time for all of us to think about that more precisely she revealed Companies meanwhile should look for hardware that utilizes other forms besides IDs to verify an identity and only store essential material and discard securely verification records that s no longer needed once a person is verified Tea has stated about images were leaked online in the initial episode including images of selfies or selfies featuring a photo identification that users submitted during account verification Another images publicly viewable in the app from posts comments and direct messages were also accessed without authorization a spokesperson disclosed last week No email addresses or phone numbers were accessed the company disclosed and the breach only affects users who signed up before February