Hackers leak images and comments from women dating safety app Tea
Hackers leak images and comments from women dating safety app Tea
July 29, 2025
The dating safety app Tea was hacked, leaking images, posts, and comments of thousands of users who shared anonymous “red flag” reports on men.
Tea is a women-only dating safety app launched in 2023 that lets users assess and review potential partners using real-time safety tools, not matchmaking. The app has over 1.6 million members in the U.S., it allows them to perform background checks on men and anonymously share “red flag” behaviour.
The app offers real-time tools like reverse image search (Catfish Finder), phone lookups, and background checks to assess potential partners. It features anonymous group chats for sharing dating experiences in a moderated, private space. However, it faces criticism for enabling unverified claims about men, raising concerns over privacy and defamation.
Tea was hacked, and the security breach impacted members who signed up before February 2024. The data breach exposed ~72,000 images and 1.1 million sensitive messages, though contact details were not compromised.
“At 6:44 AM PST on 7/25, we identified unauthorized access to our systems and immediately launched a full investigation with assistance from external cybersecurity experts to understand the scope and impact of the incident.” reads the data breach notification published by the company.
“Here’s what we know at this time:
A legacy data storage system was compromised, resulting in unauthorized access to a dataset from prior to February 2024. This dataset includes approximately 72,000 images, including approximately 13,000 selfies and photo identification submitted by users during account verification and approximately 59,000 images publicly viewable in the app from posts, comments and direct messages.
No email addresses or phone numbers were accessed. Only users who signed up before February 2024 were affected.”
After discovering the data breach, the company “acted fast” and started working with cybersecurity experts to investigate the incident and determine its impact.
The company attempted to downplay the risks for its members, claiming the breached photos “can in no way be linked to posts within Tea”.
BleepingComputer reported that the app breach has worsened following the leak of a second database containing 1.1 million private user messages. The women-only dating safety app, which requires ID verification, stored user data in an unsecured Firebase bucket.
“On Friday, an anonymous user posted on 4chan that Tea used an unsecured Firebase storage bucket to store drivers’ licenses and selfies uploaded by members to verify they are women, as well as photos and images shared in comments.” reported BleepingComputer.
The 4chan user shared a Python script to extract data from the app’s previously unsecured storage, exposing over 59 GB of data from users who joined before 2024.
The user shared a Python script that could be used to download the data from the now-secured storage bucket.
In total, over 59 GB of data was exposed in the leak, with Tea confirming in a public statement that it affects users who signed up before 2024
Hackers leaked Tea app data on forums, exposing users to social engineering. The second database with 1.1M private messages from 2023–2025 included sensitive topics like abortion and infidelity. Media404 reported that the researcher Kasra Rahjerdi found any user with an API key could access data. Leaks exposed identifiable info and led to a “facesmash”-style site rating selfies. Tea is working with experts, has fixed the flaw, and boosted security to prevent further breaches.
“The first breach was due to an exposed instance of app development platform Firebase, and impacted tens of thousands of selfie and driver license images.” reported 404Media. “Regarding this latest breach, a Tea spokesperson told 404 Media in an email “We are continuing to work expeditiously to contain the incident and have launched a full investigation with assistance from external cybersecurity firms. We have also reached out to law enforcement and are assisting in their investigation. Since our investigation is in its early stages, we do not have more information we can share at this time.””
In a new update, the company confirmed some direct messages were accessed in last week’s breach. DMs are now disabled, and the affected system was taken offline as a precaution.
“Sharing an update on the cyber incident that took place last week. As part of our ongoing investigation, we have recently learned that some direct messages (DMs) were accessed as part of the initial incident. For this reason our DM functionality is down.” reads the update. “To address the issue and out of an abundance of caution, we have taken the affected system offline altogether. At this time, we have found no evidence of access to other parts of our environment.”
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
Pierluigi Paganini
(SecurityAffairs – hacking, data breach)
