Tea, a fast-growing dating safety app for women, confirmed on Friday that hackers had accessed its legacy data system, exposing around 72,000 images submitted by users.
The breach includes 13,000 selfies and ID photos submitted during verification and 59,000 photos pulled from posts, comments, and direct messages.
According to the company’s statement, only users who joined before February 2024 were affected.
The platform allows women to anonymously review and share experiences with men they’re dating, or considering dating.
Tea is known for its strong emphasis on women’s safety, offering background checks, catfish detection, and sex offender searches to help users avoid potentially dangerous situations. Ironically, this latest breach has triggered fresh concerns about privacy and data protection.
How the Tea app hack happened
According to Tea, the breach was traced to a legacy storage system that wasn’t fully transitioned to the app’s newer and more secure infrastructure.
The exposed data was archived initially to comply with law enforcement requests related to cyberbullying investigations. While the platform says current users aren’t at risk, the incident raises questions about how securely sensitive images were being stored.
The company became aware of the unauthorised access at 6:44 AM PST on July 25 and immediately launched a full investigation with help from external cybersecurity experts.
Tea insists that no email addresses or phone numbers were compromised and reiterated that only images tied to older user accounts were accessed.
In a public statement, the company said: “We’ve acted fast and are working with some of the most trusted cybersecurity experts. We’re taking every step to protect this community.”
Tea also confirmed that the exposed selfies and ID photos were previously submitted for identity checks, a feature the platform phased out in 2023 after shifting to a less intrusive verification process.
User privacy concerns
The Tea team is now working around the clock to secure its systems and prevent further leaks. They’ve also introduced additional security measures, though details have not been made public.
Users with concerns are being encouraged to email the support team, and anyone wanting to delete their account or application can do so by following specific steps outlined by the company.
Despite the backlash, Tea has not backed down from its mission. The app continues to gain traction, with more than two million new requests to join reportedly submitted in just the past few days. Still, this breach is a reminder that even apps built around safety and privacy are not immune to cybersecurity threats.
Tea’s promise that ‘women should never have to compromise their safety while dating’ now faces a tough test. As the company scrambles to regain users’ trust, it joins a growing list of digital platforms navigating the delicate balance between user protection and personal data exposure.