The 404 Media Podcast: "The Tea Breach Just Keeps Getting Worse"

Release Date: July 30, 2025

In the latest episode of The 404 Media Podcast, hosts Joseph, Sam Cole, Emanuel Mayberg, and Jason Kebler delve into the escalating data breaches of the women’s dating safety app, Tea (referred to as "T"), and explore the ramifications of the United Kingdom’s newly enacted Online Safety Act. This comprehensive summary captures the episode's key discussions, insights, and conclusions, complete with notable quotes and timestamps for reference.

1. Unveiling the First Tea Breach

Introduction to the Breach

The episode kicks off with Emmanuel Mayberg providing an overview of Yubikeys, emphasizing their role in preventing phishing attacks and securing user accounts. However, the primary focus swiftly shifts to a significant data breach involving the women’s dating safety app, Tea.

Receiving the Tip

At [04:17], Jason Kebler recounts how the team received an urgent tip about the breach:

"[04:17] Jason Kebler: ...someone had presented a major breach of Tea, where users' images and sensitive data were being made publicly accessible on 4chan."

Details of the Breach

Jason explains that Tea, designed to allow women to safely exchange information about potential dating partners, suffered a severe security lapse:

"[06:25] Joseph: Because it was exposed."

"[06:26] Jason Kebler: It was fully exposed. ... It was like open season. Everybody was in there and kind of gleefully taking advantage of it and making fun of the users." [06:26]

The breach involved the exposure of thousands of user selfies and identity documents stored on a Google Firebase instance. Due to inadequate authentication measures, malicious actors accessed and distributed this sensitive information, exacerbating the situation by mocking and harassing the affected users.

Propagation and Abuse

Joseph highlights the rapid spread and abuse of the leaked data:

"[07:08] Joseph: ... people were explaining to one another, hey, here's a script to rifle through the metadata of the files. It's just a series of attachments and that sort of thing." [07:08]

Jason details the extent of the data exposed:

"[07:08] Jason Kebler: ... tens of thousands of people's selfies and their identity documents." [07:08]

2. The Second Tea Breach: Exposing Private Conversations

Discovery of the Extended Breach

At [13:25], Emanuel Mayberg introduces the second, more alarming breach involving Tea’s database:

"[13:25] Emmanuel Mayberg: ... the main database of Tea was exposed, including over a million direct messages containing highly sensitive information such as discussions about abortions and cheating."

Verification Process

Jason explains the meticulous verification steps undertaken to confirm the authenticity of the breach:

"[14:43] Joseph: ... downloaded the entire dump once it was made available so I could verify. ... tried to make accounts on Tea with those usernames and in every single case, that was not possible because that username was already in use." [14:43]

This rigorous approach ensured the credibility of their findings, revealing the depth of personal and sensitive data compromised.

Impact and Response

The breach led to severe privacy concerns, prompting Tea to limit access to direct messages:

"[19:32] Joseph: ... Tea made a post on Instagram saying, oh, we've just learned actually the direct messages were exposed. We're turning off DMs now." [19:32]

3. Legal Repercussions: Class Action Lawsuit Against Tea

At [21:24], Jason Kebler announces the filing of a class action lawsuit against Tea:

"[21:24] Jason Kebler: ... a law firm specializing in data breaches has filed a class action against Tea." [21:24]

The lawsuit aims to hold Tea accountable for the mishandling of user data, with expectations of similar complaints joining the class action, seeking remediation for the affected users.

4. The UK’s Online Safety Act and Its Ripple Effects

Overview of the Online Safety Act

Transitioning to the second major topic, at [26:51], Sam Cole outlines the UK's new Online Safety Act:

"[26:51] Sam Cole: ... the Online Safety Act requires platforms to implement age verification measures to ensure users are 18 and over, primarily targeting the protection of children from harmful content."

Implications for Online Platforms

This legislation mandates platforms like Reddit to enforce stringent age verification processes, impacting not only adult content but also mature subreddits discussing sensitive topics such as war crimes:

"[30:15] Joseph: ... the headline is UK users need to post selfie or photo ID to view Reddit's r/IsraelCrimes r/UkraineWar footage." [26:51]

Challenges and Unintended Consequences

Jason Kebler expresses concerns over the broader implications of the law:

"[30:15] Jason Kebler: ... it's one of the most complicated subjects we cover... Censorship and platform governance is a very complicated subject... it's a huge mess." [30:15]

Sam Cole elaborates on the law's impact beyond pornography, affecting platforms hosting diverse content:

"[29:32] Sam Cole: ... Reddit is implementing age verification not just for porn but for any mature content, including graphic news communities." [29:32]

Censorship and Privacy Issues

Emanuel Mayberg critiques the legislation for undermining internet freedom and privacy:

"[36:52] Emmanuel Mayberg: ... this legislation fundamentally undermines the idea of having a free and open Internet... There’s a risk of sensitive data exposure similar to the Tea breach." [36:52]

The hosts discuss how these measures resemble authoritarian censorship, citing examples from other countries where similar laws led to excessive content restrictions and privacy invasions.

Lobbying and Political Influence

Sam Cole highlights the role of lobbying groups in pushing for such regulations:

"[44:10] Sam Cole: ... religiously affiliated conservative groups are a major force behind these regulations, often conflating all adult content with trafficking." [44:10]

These groups exert significant pressure on payment processors and legislators, leading to stringent policies that inadvertently stifle legitimate online expression and privacy.

5. Privacy Risks and Future Implications

Data Security Concerns

The discussion underscores the potential risks of centralized age verification systems, where the collection of personal IDs could lead to large-scale data breaches akin to Tea’s incident:

"[41:06] Emanuel Mayberg: ... various age verification services claim to delete IDs after verification, but the multitude of providers increases the risk of data leaks." [41:06]

Technological and Social Workarounds

The hosts anticipate that users will seek alternatives such as VPNs to bypass restrictions, mirroring past patterns observed in countries with strict internet controls:

"[49:02] Emmanuel Mayberg: ... similar to how Chinese restrictions led to grandparents logging in to play games, users will find ways around UK’s age verification." [49:02]

Broader Impact on Digital Freedom

Jason Kebler emphasizes the long-term negative effects on digital freedom and access to information:

"[53:50] Joseph: ... age verification makes accessing critical information more cumbersome and threatens the open nature of the internet." [53:50]

Conclusion

The episode of The 404 Media Podcast effectively highlights the intertwined issues of data security breaches and legislative overreach in online safety measures. Through detailed reporting and insightful discussions, the hosts illuminate the precarious balance between protecting vulnerable users and preserving digital freedoms. The Tea breaches serve as a stark reminder of the vulnerabilities inherent in digital platforms, while the UK's Online Safety Act exemplifies the complex consequences of governmental interventions in internet governance.

Listeners are left with a profound understanding of the challenges faced by both users and platforms in navigating the rapidly evolving landscape of digital security and online regulation.

For those interested in supporting independent journalism and accessing exclusive content, The 404 Media Podcast encourages subscriptions at 404media.co. Subscribers gain access to ad-free episodes, bonus content, and additional insights from the hosts.