There has been a massive data breach at ‘Tea App’, a women-only dating safety app that surged to the top of Apple’s App Store charts this week, exposing personal information of approximately 72,000 users.
The anonymous, women-only dating advice app making waves online, is now under intense scrutiny following a major data security breach.
Data breach
A Tea App spokesperson confirmed that approximately 72,000 images were leaked online. Among them were around 13,000 verification photos, including selfies and images featuring government-issued IDs submitted during account setup. An additional 59,000 images, originally visible within the app through posts, comments, and direct messages, were also accessed without authorization.
“We can confirm that at 6:44 AM PST on Friday, July 25th, Tea identified unauthorized access to one of our systems and immediately launched a full investigation to assess the scope and impact,” a spokesperson for Tea said in a statement.
The breach, first reported by 404 Media, has sparked widespread concern about the app’s security practices and the broader risks of online identity verification.
“Tea has engaged third-party cybersecurity experts and are working around the clock to secure its systems, at this time, there is no evidence to suggest that additional user data was affected. Protecting tea users’ privacy and data is their highest priority” the company said.
Tea, launched in 2023, markets itself as a “virtual whisper network” for women to share anonymous reviews and safety information about men they encounter on dating platforms, like Tinder and Bumble. The app, requires new users to submit selfies and photo IDs to verify their identity, a process intended to ensure a women-only community.
Cyber Security Failure
According to reports, 4chan users discovered an unsecured Firebase database; Google’s mobile app development platform, that contained 59.3 GB of user data, including 13,000 verification selfies and IDs and 59,000 images from posts, comments, and direct messages.
The database, described as a “public bucket” with no password or authentication, was accessible to anyone with the URL, which was shared on 4chan and other platforms.
Also Read: How Cybercriminals Hack Bank Accounts and Drain Millions Using Mobile Phones
404 Media found a 4chan-shared URL containing Tea app files, but the page was later taken down and now shows a “Permission denied” error.
Follow our WhatsApp Channel and X Account for real-time news updates.
