Massive Data Breach Hits Tea App: 4chan User Leaks Female Profiles, Raising Security Concerns
A significant data breach has rocked the Tea app, a women-only dating safety platform that surged to the top of the Apple App Store charts this week.
A user on 4chan has reportedly leaked profiles of female users, specifically targeting those who posted negative reviews about men. These profiles, which included verification photos intended to confirm user identities, were part of a broader dump of the app’s full database, now circulating on torrents. The incident exposes a glaring contradiction at the heart of Tea’s mission: promising to protect women while failing to safeguard their personal data.
The Breach Unveiled
These verification photos, required to ensure only women use the platform, were meant to be securely processed and deleted post-verification. Instead, they were left exposed, allowing the hacker to compile and distribute the full database via torrents, making it accessible to anyone with the right tools.
Reports suggest the breach stems from a misconfigured storage bucket that lacked basic authentication, a critical oversight for a platform handling sensitive user data. The 4chan leak initially sparked the exposure, with users quickly amplifying the breach across anonymous forums and social media, including X, where sentiments range from outrage to skepticism about online verification practices.
Tea’s Mission vs. Reality
Tea markets itself as a “safe space” for women to share insights and warnings about men they encounter in the dating world, using features like reverse image searches and background checks to verify identities and flag potential risks.
The app’s creator, Sean Cook, launched it inspired by his mother’s troubling online dating experiences, aiming to empower women with tools to avoid catfishing or abusive partners. With over 4 million users and a rapid rise in popularity, Tea positioned itself as a sisterhood dedicated to safety.
However, the breach undermines this promise. The leaked data, though reportedly from a “legacy system” over two years old, includes highly sensitive information like driver’s licenses and selfies—details Tea assured users would be protected. The app’s privacy policy claims to employ “reasonable security measures,” yet the public accessibility of the database suggests a fundamental failure in execution. This irony has fueled criticism, with the slogan “Tea: We protect girls” now juxtaposed against “Tea: Can’t protect their personal data,” highlighting a disconnect between intent and outcome.
Also read:
- Tinder Tests Height-Based Matching for Gold and Platinum Users, Sparking Backlash
- OnlyFans Returns to the Classics: Billboard Advertising Makes a Bold Comeback
- Hawk Tuah Girl’s Dating Revolution: Baldness Predictions and AI-Powered Flirting
- The Empire is Changing Face: But It's Still an Empire - And the Role of DOGE
Broader Implications
Tea has responded by engaging cybersecurity experts and launching an investigation, asserting that no current user data is affected. Yet, the damage is done, with torrents ensuring the leaked data remains accessible. This breach raises questions about the broader tech industry’s approach to user privacy, particularly for apps relying on verification to build trust. As the investigation unfolds, the true scope of the leak —and its long-term impact on Tea’s reputation — remains uncertain, leaving users to grapple with the fallout of a safety app that couldn’t protect its own.