Tea app hacked as women’s photos, IDs & even DMs leaked online

Privacy Promises Broken: The Rising Threat to Discreet Dating Apps

Many dating platforms that advertise themselves as secure and private often fall short of their promises. One notable example is Ashley Madison, a site tailored for individuals seeking extramarital affairs, which experienced a devastating data breach in 2015. Hackers released the personal information, emails, and financial details of 32 million users, sparking widespread outrage, legal actions, and even tragic suicides.

Recently, a new player in the realm of dating safety—an app called Tea—became the target of a significant security breach, exposing users’ selfies, government-issued ID images, and personal conversations stored within the app.

The Background and Rise of Tea

Launched in 2023, Tea positioned itself as a U.S.-based platform dedicated to women’s safety in online dating. It initially required users to verify their identities through selfies and government-issued IDs, a step meant to ensure genuine profiles and protect users. However, by the end of that year, the ID verification process was phased out without much notice.

The app quickly gained popularity, reaching the top of the U.S. App Store in July 2025 and attracting millions of users eager for a safer dating environment. Its focus on privacy and women’s safety made it a preferred choice among its target audience.

Uncovering the Breach: How It Happened

On July 25, 2025, members of the online forum 4chan discovered a publicly accessible Firebase storage bucket containing a trove of user data from Tea. An alarming post on the forum boldly proclaimed: “DRIVERS LICENSES AND FACE PICS! GET THE **** IN HERE BEFORE THEY SHUT IT DOWN!”

Subsequent investigations confirmed that the breach involved an unauthorized access to a legacy database containing approximately 72,000 images. This included around 13,000 selfies and ID photos, along with 59,000 images retrieved from user posts, comments, and direct messages. These data belonged to users who registered before February 2024, many of whom believed their information was protected.

The Extent of the Data Leak

According to Tea’s official statements, the leaked data originated from older systems that had not been migrated to the company’s current secure infrastructure. The breach did not expose email addresses or phone numbers, and only legacy users seemed affected at first glance.

However, independent cybersecurity researcher Kasra Rahjerdi and investigative reporting revealed a far more severe situation: approximately 1.1 million private messages exchanged between users from early 2023 through July 2025 have also been leaked. These messages contain highly sensitive content, including discussions about abortions, infidelity, personal contact information, and meeting arrangements.

Immediate Company Response and Security Measures

In light of the breach, Tea disabled its direct messaging system and took the affected messaging infrastructure offline to prevent further damage. The company claimed that there was no evidence of intrusions into other parts of their digital ecosystem.

Attempts to obtain official comments from Tea were unsuccessful at the time of writing. Nevertheless, this incident underscores the risks associated with trusting digital platforms that handle sensitive personal data.

The Fallout: Privacy, Harassment, and Safety Risks

The Tea data breach is a nightmare scenario for its users. It exposes not just usernames and emails but deeply personal identifiers like government IDs, selfies, and extensive private conversations. Once such information becomes public, it’s virtually impossible to retract or erase—especially when shared across the internet.

As Tea marketed itself as a protected space for women to share intimate details, its failure to safeguard this data undermines the core promise of privacy. Victims now face potential harassment, doxxing, and the circulation of their images and stories without consent—particularly on misogynistic forums where threats and abuse are rampant.

Protecting Yourself After the Breach

1. Safeguard Your Identity

If your ID or selfies were part of the leak, you are at increased risk of identity theft and impersonation. Consider subscribing to an identity theft protection service that monitors your credit reports and alerts you to suspicious activity like new accounts or inquiries. Acting swiftly can prevent further damage.

2. Remove Personal Data from the Web

Leaked images and personal details can appear on various websites or shady databases. Using a personal data removal service can help you automate the process of cleaning your online footprint. While no service guarantees complete eradication, ongoing monitoring can significantly reduce your digital exposure.

To check whether your personal data is already accessible online, utilize free scanning tools available from reputable data removal services.

Strengthening Your Digital Security

3. Update Passwords and Enable Two-Factor Authentication

Many attackers exploit reused passwords and common usernames across multiple platforms. Updating your passwords regularly and activating two-factor authentication (2FA) on all accounts adds a vital layer of security. Using a reliable password manager helps generate and store complex passwords securely.

4. Be Vigilant Against Phishing and Threatening Messages

If you receive threatening emails or messages following a data breach, do not respond or click on any links. Report such messages to authorities or cybersecurity organizations, and block the sender to prevent further harassment.

5. Install Robust Antivirus Software

Protect all your devices with comprehensive antivirus solutions that can detect phishing attempts, ransomware, and malware. Staying vigilant against malicious links and emails is essential to safeguarding your personal information.

6. Monitor Your Digital Footprint

Use reverse image search tools to check if your photos have been posted elsewhere online. If you find unauthorized postings, document and report them to the platform involved. Taking proactive steps can help you regain control over your personal data.

Legal Actions and Future Precautions

If you believe your data was mishandled or improperly secured, consider filing a complaint with relevant authorities. Holding companies accountable encourages stricter security standards and better protection for users.

The breach at Tea highlights a critical failure to protect sensitive information entrusted to a platform that claimed to prioritize women’s safety. As digital threats evolve, it’s imperative for companies to implement stronger security protocols, especially when handling highly personal data. Users must remain vigilant and proactive to defend their privacy in an increasingly interconnected world.

Ethan Cole

Ethan Cole

I'm Ethan Cole, a tech journalist with a passion for uncovering the stories behind innovation. I write about emerging technologies, startups, and the digital trends shaping our future. Read me on x.com