A significant data breach has rocked the Tea app, a women-only dating safety platform that surged to the top of the Apple App Store charts this week.
A user on 4chan has reportedly leaked profiles of female users, specifically targeting those who posted negative reviews about men. These profiles, which included verification photos intended to confirm user identities, were part of a broader dump of the app’s full database, now circulating on torrents. The incident exposes a glaring contradiction at the heart of Tea’s mission: promising to protect women while failing to safeguard their personal data.
The Breach Unveiled
The breach came to light when a 4chan user claimed to have discovered an unsecured database hosted on Firebase, Google’s app development platform, linked to Tea. The leaked data includes approximately 72,000 images, with 13,000 being verification selfies and government-issued IDs, alongside 59,000 additional photos from app posts and direct messages.
These verification photos, required to ensure only women use the platform, were meant to be securely processed and deleted post-verification. Instead, they were left exposed, allowing the hacker to compile and distribute the full database via torrents, making it accessible to anyone with the right tools.
Reports suggest the breach stems from a misconfigured storage bucket that lacked basic authentication, a critical oversight for a platform handling sensitive user data. The 4chan leak initially sparked the exposure, with users quickly amplifying the breach across anonymous forums and social media, including X, where sentiments range from outrage to skepticism about online verification practices.
Tea’s Mission vs. Reality
Tea markets itself as a “safe space” for women to share insights and warnings about men they encounter in the dating world, using features like reverse image searches and background checks to verify identities and flag potential risks.
The app’s creator, Sean Cook, launched it inspired by his mother’s troubling online dating experiences, aiming to empower women with tools to avoid catfishing or abusive partners. With over 4 million users and a rapid rise in popularity, Tea positioned itself as a sisterhood dedicated to safety.
However, the breach undermines this promise. The leaked data, though reportedly from a “legacy system” over two years old, includes highly sensitive information like driver’s licenses and selfies—details Tea assured users would be protected. The app’s privacy policy claims to employ “reasonable security measures,” yet the public accessibility of the database suggests a fundamental failure in execution. This irony has fueled criticism, with the slogan “Tea: We protect girls” now juxtaposed against “Tea: Can’t protect their personal data,” highlighting a disconnect between intent and outcome.
Also read:
- Tinder Tests Height-Based Matching for Gold and Platinum Users, Sparking Backlash
- OnlyFans Returns to the Classics: Billboard Advertising Makes a Bold Comeback
- Hawk Tuah Girl’s Dating Revolution: Baldness Predictions and AI-Powered Flirting
Broader Implications
The incident has reignited debates about the risks of identity verification in digital platforms. Tea’s requirement for selfies and IDs, intended to maintain its women-only community, backfired by creating a treasure trove of exploitable data. Critics argue this exposes the inherent vulnerability of storing such information, especially when security protocols lag behind the app’s growth. Some men, already wary of Tea’s potential to misrepresent them, see the breach as poetic justice, while affected women express betrayal and concern over doxxing risks.
Tea has responded by engaging cybersecurity experts and launching an investigation, asserting that no current user data is affected. Yet, the damage is done, with torrents ensuring the leaked data remains accessible. This breach raises questions about the broader tech industry’s approach to user privacy, particularly for apps relying on verification to build trust. As the investigation unfolds, the true scope of the leak —and its long-term impact on Tea’s reputation — remains uncertain, leaving users to grapple with the fallout of a safety app that couldn’t protect its own.
