Misconfigured Firebase storage bucket contained over a million private messages.
A database belonging to the dating platform Tea with 1.1 million private messages has been exposed.
After a dataset including approximately 100,000 images was exposed, a misconfigured Firebase storage bucket with over a million private messages sent between users on the Tea platform can be viewed, BleepingComputer reports.
Kasra Rahjerdi, the researcher who discovered the new database, told 404 Media that any Tea user could access the stored user data using their own API key.
According to 404 Media, it's possible to identify users based on social media profiles, phone numbers, or other personal details revealed in the messages.
"At this time, we have found no evidence of access to other parts of our environment. Our team remains fully engaged in strengthening the Tea App’s security, and we look forward to sharing more about those enhancements soon. In the meantime, we are working to identify any users whose personal information was involved and will be offering free identity protection services to those individuals," Tea added.
Written by
Dan Raywood is a B2B journalist with 25 years of experience, including covering cybersecurity for the past 17 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes.
He has spoken at events including 44CON, Infosecurity Europe, RANT Forum, BSides Scotland, Steelcon and the National Cyber Security Show, and served as editor of SC Media UK, Infosecurity Magazine and IT Security Guru. He was also an analyst with 451 Research and a product marketing lead at Tenable.
