Cybersecurity specialists offer their insights on the data leak involving Tea
In a recent development, the Tea Dating Advice app has confirmed a data storage breach, affecting over 72,000 images, including selfies and ID photos submitted during account verification [1]. This incident serves as a stark reminder of the potential risks associated with sharing sensitive images for identity verification on dating apps.
Richard Blech, CEO of XSOC Corp, warned that selfies and images can be a "data goldmine" for AI-driven attacks [2]. The data obtained from such attacks can be used to train facial recognition spoofing, biometric bypassing, and deepfakes. Blech also advised that anyone whose images were accessed should be more diligent with their credit reports because biometric data "isn't going to expire."
Identity verification or age verification, as used by the Tea app, is a risky choice for companies, according to Rachel Tobac, CEO and co-founder of SocialProof Security [3]. She advised Tea users to freeze their credit, use data brokerage site removal tools, make social media accounts private, use a password manager, and multifactor authentication.
The breach at the Tea app is hardly the first for a dating-related service. In February 2014, Tinder had a technical issue that could reveal users' locations without consent [4].
To protect themselves from potential data breaches and privacy risks, users can take several precautionary measures. Firstly, limit the personal data shared. Avoid uploading identification photos or selfies unless absolutely necessary. Secondly, prefer apps with clear statements about data deletion after verification and robust encryption practices. Thirdly, regularly monitor accounts for any unauthorized activity or unusual messages. Fourthly, enable additional security features such as two-factor authentication and strong passwords.
Furthermore, be cautious about linking social media or other personal profiles, as this increases privacy risks. Limit sharing sensitive information in direct messages or profiles, and stay informed about app security updates and breaches. Following announcements and promptly uninstalling or avoiding apps with unresolved security issues reduces exposure risks.
Albert Fox Cahn, founder and executive director of the Surveillance Technology Oversight Project, expressed concerns about accepting facial recognition as the norm due to potential misuse by law enforcement agencies or hackers [5]. In May, Texas Gov. Greg Abbott signed a law requiring Google and Apple to verify app store users' ages [6].
In conclusion, the Tea app breach demonstrated that selfies and ID photos used for verification can be stored and leaked despite assurances. Users should minimize sharing sensitive images, verify apps' data handling practices, maintain strong security on accounts, and exercise caution in app communications to reduce privacy risks associated with identity verification via selfies [1][2][3][4][5][6].
References:
[1] Tea app data breach: 72,000 images leaked
[2] Selfies and ID photos at risk in AI-driven attacks, warns expert
[3] Tea app users advised to freeze credit, make social media accounts private after data breach
[4] Tinder's location glitch could reveal users' locations without consent
[5] Facial recognition: Why accepting it as the norm could be dangerous
[6] Texas law requires Google and Apple to verify app store users' ages
Businesses relying on data-and-cloud-computing, such as the Tea Dating Advice app, must prioritize cybersecurity to prevent data breaches like the one that leaked 72,000 images [1]. General news outlets have reported that selfies and ID photos, used for verification purposes, can be a lucrative target for AI-driven attacks, leading to facial recognition spoofing, biometric bypassing, and deepfakes [2]. To minimize these risks, users should limit the personal data shared, prefer apps with robust encryption and data deletion practices, regularly monitor accounts for unauthorized activity, enable additional security features, and exercise caution in app communications [1][2][3][4]. Crime and justice agencies must also be held accountable to avoid misuse of facial recognition technology [5]. Stay informed about app security updates and breaches, and promptly uninstall or avoid apps with unresolved security issues to reduce overall exposure risks [6].
