Mashable, July 29, 06:24
New hack of women-only app Tea exposes personal chats, phone numbers

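The women's safety app "Tea" recently suffered a large-scale data breach: not only were thousands of user verification photos and ID documents exposed, but hackers could even access private messages between users. A security researcher found that a second security flaw in the app allowed access to a database containing sensitive information such as phone numbers, conversations about intimate relationships, and discussions of abortion. Although Tea says it is actively handling the matter and working with outside organizations on an investigation, the incident has already posed a serious threat to user privacy and safety. The app had previously gone viral over its controversial positioning as "women-only" and "anti-men," but once its security weaknesses were exposed, the personal information and geolocation data users had shared were abused, prompting widespread concern.

🚨 **Large-scale data breach threatens user privacy**: The women's safety app "Tea" recently suffered a serious data breach affecting thousands of user verification photos and personal ID documents, and even allowing hackers to access private messages between users. The sensitive information includes shared phone numbers, conversations about intimate relationships, and discussions of abortion, leaving user privacy severely at risk.

🔓 **Security flaw allows access to a sensitive database**: An independent security researcher found a second security flaw in the Tea app that gave access to a database containing recent user conversations. The flaw was only recently discovered and fixed, but until then users' in-app communications were fully exposed.

🗺️ **Geolocation data abused to dox users**: Hackers used geolocation information stored by the Tea app to create a nationwide map exposing users' specific locations. This runs counter to the anonymity the app promises, and puts users at risk of being doxxed when they share warnings about their encounters with men.

🖼️ **Personal photos publicly mocked, app maliciously imitated**: Leaked personal photos were used to ridicule users' appearance on public forums, and some bad actors even created copycat apps devoted to discussing intimate details of women's bodies. These acts seriously violated users' dignity and exploited the app's security flaws for malicious dissemination.

💬 **Controversial positioning alongside security risks**: The Tea app gained attention for its controversial "women-only" and "anti-men" positioning, but it also raised users' concerns about its storage of personal information (including details of both users themselves and the people they discuss). The exposure of these security flaws has turned those concerns into reality and heightened users' unease.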

Just days after thousands of user images and locations were leaked in an apparent hack of archived app data, women-only safety app Tea is weathering data exposure at an even larger scale than first reported.

In addition to exposing thousands of user verification images and personal IDs, which were later abused by users on platforms like 4Chan, the app's recently discovered security flaws make it possible for hackers to access private messages between users. An independent security researcher, verified by 404Media, was able to pull conversations from a second database that were sent as recently as last week, which included sensitive information like shared phone numbers, conversations about intimate relationships, and discussions of abortion.

The researcher, Kasra Rahjerdi, also obtained access to back-end app features like the ability to send mass push notifications to users' devices. They told 404Media that the second vulnerability existed until late last week, around the time the initial hack was reported.

In a statement given on Friday, Tea said it was addressing the first database breach and that no current user data had been exposed. In a follow-up statement to 404Media, Tea wrote: "We are continuing to work expeditiously to contain the incident and have launched a full investigation with assistance from external cybersecurity firms. We have also reached out to law enforcement and are assisting in their investigation. Since our investigation is in its early stages, we do not have more information we can share at this time."

The Tea app recently shot up in popularity, following viral controversy over its existence as an alleged "man-shaming" app. Prior to the breach, some users were concerned with the app's storing of personal information (including that of both users themselves and the men they discuss), while others supported the need for women-only spaces online to share stories and protect each other's safety.

But while debate about the app's efficacy flared, online users took advantage of the app's vulnerable security system to target its female user base: Shortly after the first breach was reported, hackers seized geolocation information stored in the legacy database to explicitly doxx users — who are promised anonymity upon making an account in order to more comfortably share warnings about encounters with men — and have since created a nationwide map with the locations of Tea users. Others pulled personal images from the database in order to ridicule users' appearance in public forums, while a few created copycat apps designed for men to discuss intimate details of women's bodies.
