The Wire - July 25, 2025

//The Wire//2300Z July 25, 2025//
//ROUTINE//
//BLUF: "DATING" APP DATA BREACH HIGHLIGHTS NATIONAL SECURITY CONCERNS.//

 -----BEGIN TEARLINE-----

-HomeFront-

USA: This morning a major PII leak was exploited on the Tea app, the infamous app that has gained notoriety around the United States. This data leak was not a hack by any means; the selfie ID feature and driver's license images used to register users were stored unencrypted on the app's servers for anyone on the internet to see. Furthermore, the location data was not scrubbed from the images, so the exact GPS coordinate of each user was also leaked, with tens of thousands of users' private location data being leaked online.

-----END TEARLINE-----

Analyst Comments: This app gained infamy as it's entire purpose is to serve as a "Yelp" for women to rate men, and to allow women to secretly share personal information regarding prospective dates, all without men being allowed to either face their accusers or even know that they are being gossiped about (thus the name of the app being a slang term that serves as a synonym for "gossip"). Most importantly, the app uses facial recognition to prevent biological males from obtaining an account. Beyond the unfortunate origins of the app and the equally unfortunate data leak, examination of the data that was leaked is likely to cause exceptionally grave risks to national security. The "gossipy" nature of this story doesn't matter, a bunch of unflattering selfies doesn't matter either; what does matter is that this may have inadvertently revealed significant national security concerns.

For instance, preliminary analysis of the datasets indicates that many users of the Tea app downloaded the app, took a selfie, and registered for an account while at work. In some cases, at government facilities or on military bases...such as the rather unfortunate individual who decided it was a good idea to register for this app while stationed at Marine Corps Base Quantico. Or the person who felt that they needed to use this app while on a gunnery range at the Aberdeen Proving Grounds. So far, other interesting sites located via personnel taking a selfie to register for this app at work include the following locations:

- An ammunition storage bunker at Naval Weapons Station Earle in New Jersey.
- The legislative offices at the Connecticut State Capitol building.
- One of the headquarters buildings at Minot Air Force Base.
- A maintenance site on the airfield at Eglin Air Force Base.
- Alumni Hall at the US Naval Academy in Annapolis.
- And the off-base housing complexes at nearly every single military base in the United States.

Of course, these data points only encompass the GPS coordinates that were embedded in the metadata of the selfies taken when users created an account on the app, so the data that was leaked is merely a snapshot of wherever a person was when they registered an account. Most of the GPS points presented in this data were very precise, pinpointing users within a diameter of 36ft or so on average. GPS errors are also likely to throw off this dataset, so it's probable that quite a few data points are inaccurate. However, most of the data (as leaked) is good enough for nationstate-level malign actors to have a field day when it comes to espionage.

A person who is unhappy with the person they are in a relationship with, who is also willing to submit their full legal name and street address (or GPS location) makes for a prime espionage target when this data is cross-referenced with other data. It takes exactly two clicks to import the leaked data to a map, and overlay that map with known sensitive military sites around the nation...perhaps in the process finding a few new locations as well. It is also easy to cross-reference this data with property ownership documents to find out how many people took a selfie at a different address than listed on their driver's license...or on their spouse's voter registration records.

In short, what seems to be at face value a rather superfluous data breach on a gossip app, may end up having serious national security concerns now that malign actors know the exact GPS location of tens of thousands of potential blackmail targets. Regardless of how this scandal started, the intelligence agencies of dozens of nations are probably crawling through this data set right now, looking for potential vulnerabilities. Furthermore, certain areas within the dataset appear to have been geofenced...there is not a single reported user's data in the entire district of Washington D.C. or all of lower Manhattan. While this is completely speculative at this time, if this app was designed as a honeypot trap from the ground up (for espionage purposes), it's possible that certain areas of the US would be geofenced, to prevent certain powerful people (or politicians) from being caught up in the operation. Once again, this is purely speculative, but it is interesting that some of the most densely populated cities in the US had absolutely zero reported users register. In the world of espionage, one might think that politicians would be a primary target for situations like this, but this is unlikely in this case. Politicians are often compromised by men in dark suits, not normally a cheap app that allows one to gossip about other people. Their spouses however, are a different story. The prime target for these types of operations (if this is indeed more of an espionage attempt) are exactly the people who were targeted...low-to-mid level employees (and their spouses) who would be more easily blackmailed with the type of information that they submitted to the app.

What will come of this is anyone's guess, but beyond the obvious embarrassment angle of this situation (and this affair highlighting actual affairs), the national security risks via blackmail are probably extremely high. What makes this risk unique is that for now, most people are focusing on the socially embarrassing side of this scandal, and not the security risks that are present. As such, when this story is dropped like a hot potato from the news cycle in a few days, that moment is precisely when national-level assets are likely to attempt to exploit the tens of thousands of targets that have now been exposed. Everyone will forget about this in a few weeks, but the espionage potential of this data leak persists well into the future.

Analyst: S2A1
Research: https://publish.obsidian.md/s2underground
//END REPORT//