The more than one million messages obtained by 404 Media are as recent as last week, discuss incredibly sensitive topics, and make it trivial to unmask some anonymous Tea users.
The article linked above asserts that it was a “legacy portion” of the database that got leaked, and that all the leaked data is from February 2024 and earlier. So this vulnerability apparently existed for at least 18 months. The timing of the leak coincides with a spike in popularity which brought wider attention down on it, and finally someone without the desire to implicitly trust it gave it a look.
Which says to me that in the few years this app has existed, it was never scrutinized, not by anyone on the dev side and not by anyone on the user side. That’s fascinating to me.
The article linked above asserts that it was a “legacy portion” of the database that got leaked, and that all the leaked data is from February 2024 and earlier. So this vulnerability apparently existed for at least 18 months. The timing of the leak coincides with a spike in popularity which brought wider attention down on it, and finally someone without the desire to implicitly trust it gave it a look.
Which says to me that in the few years this app has existed, it was never scrutinized, not by anyone on the dev side and not by anyone on the user side. That’s fascinating to me.