Hello all, and happy Thursday!
The Tea app debacle just got all that much worse, with a second breach exposing about 1.1 million private chat messages between users.
Ironically, Tea’s mission of keeping women safe from dangerous men was undercut just slightly when it exposed 72,000 women’s selfies and PII to the internet, data that Tea claimed was two years old at the time of the breach.
The data was left in an unsecured database on Google’s app development platform Firebase. There has been speculation that the storage bucket was left unsecured due to AI-driven “vibe coding,” but there’s no smoking gun showing the lax security was due to AI coding or good old-fashioned human error. Now, a cybersecurity researcher discovered it was possible to access a separate database with users’ private messages sent as recently as last week.
There’s a lot to untangle in this story. It’s certainly rubbing salt in the wound that an app purporting to keep women safe seemed unwilling to invest in robust security. The breach brings up questions around data minimization, balancing safety and privacy, AI coding, and more.
It's sure to become a case study on data privacy and security in the future. But that's cold comfort for the tens of thousands of women who now have to take additional measures to protect themselves in their digital and offline lives.
Best,
Arlo
Highlights from Osano
New From Osano
Blog: Data Privacy Strategy: The Ultimate Guide
Not sure what a data privacy strategy is, or how to start building one at your organization? Start here with our blog.
In Case You Missed It...
Blog: The Data Privacy Certification Guide
Unless businesses start hiring psychics, certifications will continue to be a critical way for experts to prove that they know what they're talking about. If you’re looking to bring privacy expertise onto your team or are a burgeoning privacy pro seeking to prove your value, check out our guide to privacy certifications and what they mean.
Podcast: Protecting Privacy at Every Walk of Life
Join Osano CIO Arlo Gilbert as he interviews France Bélanger and Donna Wertalik of Virginia Tech on their academic perspectives on data privacy in the latest episode of the Privacy Insider.
Top Privacy Stories of the Week
Tea App Leak Worsens with Second Database Exposing User Chats
Tea, a viral app designed to help women share advice and flag unsafe dating experiences, recently disclosed a breach exposing approximately 72,000 user images, including around 13,000 verification selfies and IDs, along with private messages. Now, an additional database containing 1.1 million private messages sent between users on the Tea platform as recently as last week was exposed.
Signal Warns It May Quit Australia Over Encryption Backdoor Laws
Signal’s president has stated that the company may withdraw from the Australian market if forced to build access points into encrypted messaging. She described such mandates as fundamentally compromising privacy and integrity. This tension marks a turning point in how we weigh national security against individual security.
Twenty U.S. States Sue USDA Over SNAP Data Demands
Attorneys general from 20 states filed suit challenging the USDA’s plan to gather detailed personal data on SNAP recipients, including Social Security numbers, immigration status, and addresses. They argue the plan breaches federal privacy laws and could deter vulnerable individuals from seeking assistance.
EU Opens Fresh TikTok Investigation Over Data Transfers to China
Ireland’s Data Protection Commission has launched a new GDPR inquiry into whether TikTok improperly transferred EU user data to servers in China. This follows a €530 million fine in spring, and regulators now want to know whether the company has finally locked down data where it belongs.
AI Assistants Raising Concerns Over App Data Access
Google’s Gemini AI has rolled out default permissions that allow it to access data from third‑party apps like WhatsApp without explicit user consent. Cybersecurity experts warn this shift weakens Android’s privacy model and hands over too much control to systems users might barely know are watching.
Like what you hear from the Privacy Insider newsletter?
There's more to explore:
🎙️ The Privacy Insider Podcast
We go deeper into additional privacy topics with incredible guests monthly. Available on Spotify or Apple.
📖 The Privacy Insider: How to Embrace Data Privacy and Join the Next Wave of Trusted Brands
The book inspired by this newsletter: Osano CEO, Arlo Gilbert, covers the history of data privacy and how companies can start building a privacy program from the ground up. More details here.
If you’re interested in working at Osano, check out our Careers page!
Arlo Gilbert
Arlo Gilbert is the CIO & co-founder of Osano. A native of Austin, Texas, he has been building software companies for more than 25 years in categories including telecom, payments, procurement, and compliance. In 2005 Arlo invented voice commerce; he has testified before Congress on technology issues and is a frequent speaker on data privacy rights.
