Technologies

The Tea App Data Breach: What Was Exposed and What We Know About the Class Action Lawsuit

DMs, photo IDs and selfie photos were exposed in the hack.

Tea, a women’s dating safety app that recently surged to the top of the free iOS App Store listings, suffered a major security breach last week. The company confirmed Friday that it «identified authorized access to one of our systems» that exposed thousands of user images. And now we know that DMs were accessed during the breach, too.

Tea’s preliminary findings from the end of last week showed the data breach exposed approximately 72,000 images: 13,000 images of selfies and photo identification that people had submitted during account verification, and 59,000 images that were publicly viewable in the app from posts, comments and direct messages.

Those images had been stored in a «legacy data system» that contained information from more than two years ago, the company said in statement. «At this time, there is no evidence to suggest that current or additional user data was affected.»

Earlier Friday, posts on Reddit and 404 Media reported that Tea app users’ faces and IDs had been posted on anonymous online message board 4chan. Tea requires users to verify their identities with selfies or IDs, which is why driver’s licenses and pictures of people’s faces are in the leaked data.

And on Monday, a Tea spokesperson confirmed to CNET that it additionally «recently learned that some direct messages (DMs) were accessed as part of the initial incident.» Tea has also taken the affected system offline. That confirmation followed a report by 404 Media on Monday that an independent security researcher discovered it would have been possible for hackers to gain access to DMs between Tea users, affecting messages sent up to last week on the Tea app.

Tea said it has launched a full investigation to assess the scope and impact of the breach.

Class action lawsuit filed

One of the users of the Tea app, Griselda Reyes, has filed a class action lawsuit on behalf of herself and other Tea users affected by the data breach. According to court documents filed on July 28, as reported earlier by 404 Media, Reyes is suing Tea over its alleged «failure to properly secure and safeguard … personally identifiable information.»

«Shortly after the data breach was announced, internet users claimed to have mapped the locations of Tea’s users based on metadata contained from the leaked images,» the complaint alleges. «Thus, instead of empowering women, Tea has actually put them at risk of serious harm.»

Tea also has yet to notify its customers personally about their data being breached, the complaint alleges.

The complaint is seeking class action status, damages for those affected «in an amount to be determined» and certain requirements for Tea to improve its data storage and handling practices.

Scott Edward Cole of Cole & Van Note, the law firm representing Reyes, told CNET he is «stunned» by the alleged lack of security protections in place.

«This application was advertised as a safe place for women to share information, sometimes very intimate information, about their dating experiences. Few people would take that risk if they’d known Tea Dating put such little effort into its cybersecurity,» Cole alleged. «One chief goal of our lawsuit is to compel the company to start taking user privacy a lot more seriously.»

Tea didn’t immediately respond to a request for comment on the class action lawsuit.

What is the Tea app?

The premise of Tea is to provide women with a space to report negative interactions they’ve had while encountering men in the dating pool, with the intention of keeping other women safe.

The app is currently sitting at the No. 2 spot for free apps on Apple’s US App Store, right after ChatGPT, drawing international attention and sparking a debate about whether the app violates men’s privacy. Following the news of the data breach, it also plays into the wider ongoing debate around whether online identity and age verification pose an inherent security risk to internet users.

In the privacy section on its website, Tea says: «Tea Dating Advice takes reasonable security measures to protect your Personal Information to prevent loss, misuse, unauthorized access, disclosure, alteration and destruction. Please be aware, however, that despite our efforts, no security measures are impenetrable.»

Technologies

If You Were ‘Tricked’ Into an Amazon Prime Subscription, You Should Have Been Paid by Today

Amazon is paying $1.5 billion to people who mistakenly subscribed to Prime, and the first round of payments are due today.

Amazon Prime provides a lot of valuable benefits to its members, but the company’s registration practices for its premium subscription from 2019 to 2025 led to many customers accidentally subscribing to a service they didn’t want.

Amazon is now paying the price for that deception — the US Federal Trade Commission levied a massive $2.5 billion settlement on the company for its subscription tactics.

The majority of the settlement — $1.5 billion — has been earmarked to refund eligible subscribers, with the rest serving as a civil penalty. Amazon is also now legally required to provide a clear, obvious option to decline Prime, making it as easy to leave the service as it is to join.

Amazon isn’t admitting to shady behavior. «Amazon and our executives have always followed the law, and this settlement allows us to move forward and focus on innovating for customers,» Mark Blafkin, Amazon senior manager, said in a statement. «We work incredibly hard to make it clear and simple for customers to both sign up or cancel their Prime membership, and to offer substantial value for our many millions of loyal Prime members around the world.»

The online retail giant started sending out payments to eligible people in November and was supposed to conclude its initial automatic payments today, Dec. 24. Read on to learn more about Amazon’s settlement and what to do if you think you’re eligible for compensation but didn’t receive a payment.

Why did the FTC fine Amazon?

The FTC filed suit against Amazon, accusing the company of using «dark patterns» to nudge people into Prime subscriptions and then making it too hard to cancel. The FTC maintained Amazon was in violation of Section 5 of the FTC Act and the Restore Online Shoppers’ Confidence Act.

«Specifically, Amazon used manipulative, coercive or deceptive user-interface designs known as ‘dark patterns’ to trick consumers into enrolling in automatically renewing Prime subscriptions,» the FTC complaint stated.

Who’s eligible for Amazon’s payout?

Amazon’s legal settlement is limited to customers who enrolled in Amazon Prime between June 23, 2019, and June 23, 2025. It’s also restricted to customers who subscribed to Prime using a «challenged enrollment flow» or who enrolled in Prime through any method but were unsuccessful in canceling their memberships.

The FTC called out specific enrollment pages, including Prime Video enrollment, the Universal Prime Decision page, the Shipping Option Select page and the Single Page Checkout. To qualify for a payout, claimants must also not have used more than 10 Amazon Prime benefits in any 12-month period.

Customers who signed up via those challenged processes and did not use more than three Prime benefits within one year will be paid automatically by Amazon within 90 days. Other eligible Amazon customers will need to file a claim, and Amazon is required to send notices to those people within 30 days of making its automatic payments.

If you are eligible for the automatic payment, you should have received an email from Amazon by today explaining how to claim the money. You can be paid via PayPal or Venmo. If you prefer a paper check, don’t accept the digital payment. The FTC says Amazon will mail you a check that you must cash within 60 days.

How big will the Amazon payments be?

Payouts to eligible Amazon claimants will be limited to a maximum of $51. That amount could be reduced depending on the number of Amazon Prime benefits you used while subscribed to the service. Those benefits include free two-day shipping, watching shows or movies on Prime Video or Whole Foods grocery discounts.

Customers who qualify for the payments should have received them from Nov. 12 to Dec. 24, 2025.If you are eligible for compensation from Amazon but didn’t receive a payout, you’ll need to file a claim after Amazon starts the claim process. The FTC says it will update its Amazon settlement site once that process has begun.

Customers who did not use a challenged sign-up process but instead were unable to cancel their Prime memberships will also need to file claims for payment.

Technologies

Today’s NYT Connections: Sports Edition Hints and Answers for Dec. 25, #458

Here are hints and the answers for the NYT Connections: Sports Edition puzzle for Dec. 25, No. 458.

Looking for the most recent regular Connections answers? Click here for today’s Connections hints, as well as our daily answers and hints for The New York Times Mini Crossword, Wordle and Strands puzzles.

Today’s Connections: Sports Edition has a real mix of categories, including one that’s all about a certain famous athlete. If you’re struggling with today’s puzzle but still want to solve it, read on for hints and the answers.

Connections: Sports Edition is published by The Athletic, the subscription-based sports journalism site owned by The Times. It doesn’t appear in the NYT Games app, but it does in The Athletic’s app. Or you can play it for free online.

Read more: NYT Connections: Sports Edition Puzzle Comes Out of Beta

Hints for today’s Connections: Sports Edition groups

Here are four hints for the groupings in today’s Connections: Sports Edition puzzle, ranked from the easiest yellow group to the tough (and sometimes bizarre) purple group.

Yellow group hint: Swing away!

Green group hint: What’s that on your bat?

Blue group hint: Catch the football.

Purple group hint: Lake Placid or Lillehammer.

Answers for today’s Connections: Sports Edition groups

Yellow group: Baseball bat materials.

Green group: Associated with George Brett.

Blue group: NFL rookie WRs.

Purple group: Olympic ____.

Read more: Wordle Cheat Sheet: Here Are the Most Popular Letters Used in English Words

What are today’s Connections: Sports Edition answers?

The yellow words in today’s Connections

The theme is baseball bat materials. The four answers are aluminum, ash, birch and maple.

The green words in today’s Connections

The theme is associated with George Brett. The four answers are 5, pine tar, Royals and third base.

The blue words in today’s Connections

The theme is NFL rookie WRs. The four answers are Burden, Egbuka, Golden and McMillan.

The purple words in today’s Connections

The theme is Olympic ____. The four answers are Games, rings, torch and village.

Don’t miss any of our unbiased tech content and lab-based reviews. Add CNET as a preferred Google source.

Technologies

Christmas Eve Gaming Crushed as Steam Goes Offline

Services related to the popular game hub seem to slowly be returning as of Wednesday afternoon.

Your Christmas Eve gaming session might not go as planned. Online gaming hub Steam went down on Wednesday. As of about 1:30 pm PT, the Steam store page was once again accessible, so services seemed to be coming back online.

The Steam outage appeared to begin mid-afternoon ET, according to Downdetector, which monitors site outages. (Disclosure: Downdetector is owned by the same parent company as CNET, Ziff Davis.)

A representative for Steam did not immediately respond to a request for comment.

As of Wednesday noon PT, Steam’s official X and Bluesky accounts hadn’t posted anything about the outage.

Gamers certainly noticed. «Steam down, Steam down!!!» wrote one Bluesky user.

Others commented on the bad timing just as gamers were enjoying time off or receiving gaming gifts. «‘You got a gift on Steam!’ oh cool ‘Steam is down’ oh cool,» wrote another Bluesky user.