Women’s Dating Safety App Tea Hit by Massive Data Breach

Tea, a women-focused dating safety app that had recently surged in popularity, confirmed a major data breach affecting approximately 72,000 user images, including selfies, photo IDs, and in-app posts published before February 2024.

What Happened

The breach, first spotted by users on the anonymous forum 4chan, stemmed from an unsecured legacy Firebase database—a cloud storage system left publicly accessible without authentication or encryption. Hackers reportedly downloaded 13,000 verification images (selfies and ID photos) and 59,000 additional images shared in posts, comments, or direct messages.

Within hours, the data appeared to have been reposted online. The initial thread was later taken down, but versions of the leaked files reportedly crossed over onto platforms like BitTorrent, making them effectively irreversible.

Tea’s Response and Scope

Tea acknowledged the incident on July 25, 2025, stating that the affected items were stored in a “legacy data system” containing images older than two years—dating back to before February 2024. The company emphasized:

• No email addresses or phone numbers were exposed.

• No current or recent user data appears breached.

• An internal investigation and remediation process is underway, with third-party cybersecurity experts engaged.

Tea’s internal account “TaraTeaAdmin” posted an in‑app notice to alert users. The app, which launched in 2023 and recently hit #1 on the U.S. Apple App Store, says it currently has over 4 million users and received a surge of ~2 million new signup requests in the days preceding the breach.

Why It Matters

Tea had marketed itself as a women-only platform for anonymous peer feedback on dating experiences, offering features such as reverse image searches, phone number lookups, and background checks to help users vet potential dates safely.

The breach directly undermines that trust, exposing extremely sensitive verification data intended to protect users’ identities.

Security experts warn the combination of images, IDs, and private messages significantly raises the risk of:

• Identity theft and stalking

• Online harassment and doxxing

• Long-term exposure via permanent traces on peer-to-peer networks

Industry Implications

The breach calls into question how startups handle sensitive personal data, especially when using foreign toolkits or third-party systems. Criticism has emerged over insecure coding practices—some reports suggest Tea utilized AI-generated code without proper security vetting, which left its Firebase bucket open to exploitation.

Legal and ethical debate is also growing around Tea’s core premise. Critics argue that while Tea aims to empower users, its model—sharing personal details about others without their consent—raises serious privacy and defamation issues.

What Comes Next

Tea says it's enhancing its security infrastructure and conducting a full forensic investigation. For affected users and the broader community, the breach underscores the need for rigorous data privacy, transparent protocols about data retention, and clear communication when major lapses occur.

For now, the incident serves as a warning: even platforms built for safety can be undermined by misconfigured storage systems, highlighting the urgent importance of secure development practices in apps handling extremely sensitive personal data.