Last week, a sequence of events happened pretty quickly: The Tea app—like Yelp, but for rating and reviewing men under the guise of promoting safety—rocketed to the top of Apple's App Store as women sought to determine, anonymously, whether the guys in their lives were “green flag men” or “red flag men.” Then, there was a backlash that included a data breach which revealed thousands of user verification images to the public. Then, there was a second breach that compromised millions of direct messages sent and received on the app.
This week, a new development: Some of the women involved have filed a class action against the app. (Reps for Tea tell me they have no comment on that at this time.)
The class action against Tea
Earlier this week, a Tea app user named Griselda Reyes sued Tea Dating Advice, Inc. for negligence, breach of implied contract, breach of the implied covenant of good faith and fair dealing, and unfair competition in a suit filed in California. She sued not only on behalf of herself, but “all others similarly situated,” accusing Tea of “failure to properly secure and safeguard” their personally identifiable information.
The complaint points out that Tea assured users that the verification images they submitted to prove they were women would be deleted. Obviously, since thousands of those images were leaked and the company issued a statement saying that the leaked images were two years old, there's a disconnect between the assurance of deletion and the reality of what happened.
Per the complaint, Reyes has “spent time dealing with the consequences” of the data breach, verifying the legitimacy and impact of it while also looking into credit monitoring and theft insurance options. Lost time, annoyance, inconvenience, and anxiety are among the things Reyes says she suffered, along with “imminent and impending injury arising from the substantially increased risk of fraud, identify theft, and misuse” that arose from her personal information being “placed in the hands of unauthorized third parties/criminals.”
Again, reps for Tea told me they have no comment at this time. Interestingly, I already received a targeted ad on Instagram last night asking me to sign up for a class action if I had downloaded the app and been impacted, so the legal process is moving pretty swiftly.
What happened with Tea?
Tea is marketed as a safety tool that can help women conduct background checks, identify sexual predators, sleuth out cheaters, and keep themselves away from abusers—and to an extent, it is that. To a different extent, as its name implies, it's a platform for gossiping about specific, real-life men, none of whom can gain access to the app to defend themselves or even determine if their photo is on it. It's possible to use Tea to source information relevant to safety—but it's also entirely possible to use it to defame a man whose worst crime is ghosting, being broke, or not texting back fast enough—or worse, whose crime is nothing at all.
What do you think so far?
It might be understandable why some people were mad about the rise of Tea's popularity and even why some virtual vigilantes would want to leak photos and personal information—wrong though it is. An abusive man doesn't want his MO out there and an innocent man doesn't want to be slandered with no due process. A curious or cautious woman assured of anonymity doesn't want her driver's license photo showing up in a data dump. No one is really winning, here.
The first round of the data breaches made public thousands of verification images that included government identification cards and photos, but Tea was quick to say that those were all two years old, no recently created accounts were impacted, and they had enlisted cybersecurity experts and law enforcement to get to the bottom of what happened.
The second round involved much more recent—and, at times, sensitive—data: Direct messages that had been sent and received on the app as recently as last week. These were technically anonymous, as they're not tied to users' real names, but some include details personal enough to make their authors identifiable. Tea quickly shut down the DM feature last Friday in response to the breach and it remains inoperable today, though the rest of the app is still usable.
There's no proof these messages were disseminated—rather, the breach was discovered by an investigator who took the findings to the press. The driver's license photos from the first breach are another story—those were spread across forums and social media.
