Tea

Cybercriminals breached a legacy data storage system used by the Tea app, gaining unauthorized access to approximately 72,000 images, including selfies and driver’s license photos. The breach affected users who signed up before February 2024. The stolen data, originally archived for compliance, was publicly accessible in a Firebase storage bucket without authentication. The situation escalated when online communities collated the data, mapping users' locations, some traced back to U.S. Army bases, and batches of data appeared on cybercriminal forums.

Source: https://therecord.media/tea-app-data-breach-stolen-ids-leaked

TPRM report: https://scoringcyber.rankiteo.com/company/tea

"id": "tea752072825",
"linkid": "tea",
"type": "Breach",
"date": "7/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"

{'affected_entities': [{'customers_affected': ['Users who signed up before '
                                               'February 2024'],
                        'industry': 'Social Media',
                        'location': 'Global',
                        'name': 'Tea App',
                        'size': 'Millions of Users',
                        'type': 'Mobile Application'}],
 'attack_vector': 'Unauthorized Access to Storage System',
 'data_breach': {'data_exfiltration': 'Yes',
                 'file_types_exposed': ['Images'],
                 'number_of_records_exposed': '72,000 Images',
                 'personally_identifiable_information': 'Yes',
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': ["Driver's License Photos",
                                              'Selfies',
                                              'Publicly Viewable Images']},
 'date_detected': '2024-xx-xx',
 'date_publicly_disclosed': '2024-xx-xx',
 'description': 'Cybercriminals gained unauthorized access to a legacy data '
                "storage system containing user images, including driver's "
                'license photos, from the Tea app.',
 'impact': {'brand_reputation_impact': 'Negative',
            'customer_complaints': ['Users Incensed Online'],
            'data_compromised': ["Driver's License Photos",
                                 'Selfies',
                                 'Publicly Viewable Images'],
            'identity_theft_risk': 'High',
            'systems_affected': ['Legacy Data Storage System']},
 'initial_access_broker': {'entry_point': 'Publicly Accessible Firebase '
                                          'Storage Bucket',
                           'high_value_targets': ["Driver's License Photos",
                                                  'Selfies']},
 'investigation_status': 'Ongoing',
 'motivation': 'Unknown',
 'post_incident_analysis': {'root_causes': 'Publicly Accessible Firebase '
                                           'Storage Bucket'},
 'references': [{'source': 'Recorded Future News'}, {'source': '404media'}],
 'response': {'incident_response_plan_activated': 'Yes',
              'law_enforcement_notified': 'Yes',
              'recovery_measures': 'Securing Systems',
              'third_party_assistance': 'Cybersecurity Experts Hired'},
 'threat_actor': 'Unknown Cybercriminals',
 'title': 'Tea App Data Breach',
 'type': 'Data Breach',
 'vulnerability_exploited': 'Publicly Accessible Firebase Storage Bucket'}