Tea, a women-only dating safety app, has suffered a major data breach that exposed approximately 72,000 images. The company confirmed that about 13,000 of these were verification photos—including selfies paired with government-issued IDs—and 59,000 were public-facing images shared inside the app. All of this was hosted in a legacy storage system that was compromised, and hackers reportedly posted the data on 4chan following calls for a “hack and leak” campaign.
The breach was discovered on July 25, 2025, and affected data belonged to users who signed up before February 2024. A company spokesperson explained that while the images were sensitive and included IDs, no email addresses or phone numbers were exposed, and there is no evidence that current user data was impacted. Tea has claimed it initiated a full investigation and engaged third-party cybersecurity experts to secure its systems and assess the scope of the breach.
Community reaction has been intense. On Reddit’s privacy forums, one commentator pointed out that users have no way to know what has been said about them or even if their information exists in the database:
“You can’t search your own name, you aren’t notified if you’re mentioned, and you have no way to verify what … has been said about you.”
Such anonymous profile creation and opaque moderation raise significant concerns about unconsented data sharing and potential privacy violations.
The leak comes amid Tea’s rapid growth—surging to No. 1 on the U.S. App Store in July 2025, with over two million new join requests in a single week. While the platform initially promised anonymity and screenshot blocking, creative users circumvent those privacy layers using secondary devices or recording tools, and those methods have contributed to broader exposure of in-app content.
Critics have also expressed concern over the app’s foundational model, which centers around anonymity and unverified user stories. One reporter referred to it as encouraging “vigilante justice,” enabling unmoderated content that can damage reputations or escalate defamation risk.
Company founder Sean Cook launched Tea in 2023 hoping to create a safe space where women could share warnings and personal experiences. The app requires selfie and ID verification to enter, and a portion of profits is donated to the National Domestic Violence Hotline. Despite these intentions, the breach has raised serious questions about whether the platform’s security was sufficient to protect the sensitive data it collected.
With sensitive images now public and potential victims unaware of their exposure, the incident underscores the fragile intersection between tech-driven safety initiatives and real security safeguards. As the app grows, users and regulators are demanding accountability, transparency, and stronger protections.
Thank you for reading this post, don't forget to subscribe & share!
