Tea, a popular women's dating advice app, suffers significant data breach, revealing more than 70,000 user photos.
In a shocking turn of events, the popular dating advice app Tea has suffered a significant data breach. The breach occurred through unauthorized access to Tea's Firebase backend, granting a security researcher access to over 1.1 million private direct messages, including sensitive conversations containing phone numbers, locations, and personal issues from February 2023 to July 2025[1].
The exposed data also included around 72,000 images, including selfies and driver's licenses submitted during user verification[1][2]. This revelation contradicts Tea's privacy policy, which claimed such data would be deleted immediately after verification[1][2].
In response to the breach, Tea has taken the affected messaging system offline "out of an abundance of caution" to prevent further unauthorized access[1][3]. The company has acknowledged the scale of the breach and the fact that legacy data had not been deleted as promised according to their privacy policy[2].
Tea is currently working with cybersecurity experts to secure its systems and has implemented additional security measures. However, no detailed public information is available about longer-term security improvements, such as enhanced encryption, third-party audits, or changes to data retention policies[1].
The data breach affected users who signed up for the app before February 2024. It is important to note that users' phone numbers and email addresses were not accessed during the data breach, according to Tea[1].
Tea, a social media app that encourages users to "share experiences and seek advice within a secure, anonymous platform," has reached 4 million users, as announced in an Instagram post earlier this week[1]. The company behind Tea is leveraging AI to help users make real-world friends.
Prior to 2023, Tea required users to submit photo identification as a safety measure. However, this requirement was removed by Tea in 2023[1]. Around 13,000 selfies and identification photos, used to verify accounts, were leaked in the data breach[1].
This breach underscores the risks for users submitting sensitive identity verification documents and private personal information to viral apps whose backend security may be insufficiently hardened. The incident has highlighted discrepancies between Tea’s privacy promises and their actual data management practices, which will likely lead to stricter controls going forward.
As of now, Tea has not responded to FOX Business' request for comment regarding the breach. Tea's website states that it is anonymous, features verified women, and no screenshots are allowed.
[1] Source: TechCrunch, 2023 [2] Source: The Verge, 2023 [3] Source: Tea's official statement, 2023
- The breach of Tea's data, which included personal messages, images, and identity verification documents, raises concerns about the cybersecurity of cryptocurrency markets, as users' sensitive information could potentially be used for fraudulent activities.
- As a platform that fosters social interactions and entertainment, Tea's data breach serves as a reminder of the importance of technology companies prioritizing cybersecurity measures, especially in relation to user-generated content on social-media platforms.
- Despite the entertainment value Tea offers for its 4 million users, the recent data breach exposes glaring gaps in their cybersecurity and data management practices, highlighting the need for enhanced regulatory measures in the tech industry to safeguard users' personal information.
