A user of women’s dating safety app Tea has filed a class action lawsuit after the app repeatedly exposed users’ sensitive data, including selfies, photographs of IDs, and more than a million direct messages sent by users. Both data breaches were first revealed by 404 Media.
The plaintiff, California resident Griselda Reyes, “seeks to hold the Defendant responsible for the harms it caused and will continue to cause” her and “thousands of other similarity situated persons in the massive and preventable cyberattack,” the lawsuit reads.
Tea aims to provide a space where women can anonymously sign up and safely share information about men they are dating. Tea skyrocketed to the top of the U.S. Apple App Store last week, after which members of the notorious troll forum 4chan found an exposed Tea database which contained tens of thousands of images of Tea users and identity documents. Tea requires users to take a selfie when making an account to ensure that only women can access the service.
The lawsuit says Reyes “submitted an image containing her PII [personally identifiable information] to Tea as part of the sign-up process.”
The lawsuit was filed by Cole & Van Note, a law firm that deals with data breaches almost exclusively.
“A lot of women went on the app with the express or implied promise that their information would be kept secure, that the information would only be used to verify their identity,” Scott E. Cole, one of the lawyers who filed the complaint against Tea, told us on a call. “I think that for people who are already in the segment of the population that is worried about online dating, the people that went to this site thought they were going to be treated with their information would be treated with anonymity, and that that trust was violated.”
Cole said he expects that more lawsuits against Tea will be filed across the country first, and that he hopes all of them will join the class action.
404 Media first reported that data exposure on Friday. On Monday, 404 Media revealed a second security issue that allowed unauthorized parties to download more than a million direct messages between Tea users. Many of those messages were highly sensitive, and included discussions around abortion, cheating, and other personal data like phone numbers.
The lawsuit points to both of these breaches and says that Tea has not notified individual victims, instead saying Reyes learned of the incidents from media reports. On Monday Tea said in a social media post it was temporarily stopping the direct messaging system.
Tea declined to comment for this story.
