Tea, a women-only dating safety app that allows users to anonymously review and comment on men they’ve dated, has suffered a significant data breach exposing approximately 72,000 user images, including 13,000 sensitive selfies and photo identification documents submitted during account verification processes.
The incident, discovered on July 25, 2025, affected users who had signed up before February 2024 and has raised serious concerns about privacy and data security on platforms designed to protect women’s safety while dating.
The cybersecurity incident was first detected at 6:44 AM PST on Friday, July 25th, when Tea’s security systems identified unauthorized access to their infrastructure.
According to the company’s official statement, the compromise involved a legacy data storage system that contained information from prior to February 2024, indicating that the vulnerability existed in older, less secure infrastructure that had not been properly migrated to newer systems.
The technical nature of the breach reveals significant security oversights in Tea’s data management practices.
During the company’s early development stages, some legacy content was not migrated into their new fortified system, leaving an exposed identifier link where sensitive data was stored.
This architectural flaw allowed an unauthorized actor to access the vulnerable system and extract the substantial cache of user images.
The company has confirmed that they immediately launched a full investigation with assistance from external cybersecurity experts to understand the scope and impact of the incident.
Scope of Exposed User Data
The breach exposed approximately 72,000 images in total, with the most concerning aspect being the 13,000 selfies and photo identification documents that users had submitted during account verification processes.
These images were particularly sensitive as they contained users’ faces and government-issued identification documents, which could potentially be used for identity theft or other malicious purposes.
Additionally, 59,000 images that were publicly viewable within the app from posts, comments, and direct messages were also compromised.
Importantly, the company has clarified that no email addresses or phone numbers were accessed during the breach, limiting the potential for direct contact information exploitation.
Only users who had signed up before February 2024 were affected by this incident, as the company had transitioned to a more robust and secure system after that date.
The exposed data was originally archived in compliance with law enforcement requirements related to cyber-bullying prevention, which explains why supposedly deleted selfies remained in the system.
The breach was subsequently reported by 404 Media, bringing public attention to the severity of the situation.
Security Measures
In response to the breach, Tea has engaged third-party cybersecurity experts and implemented additional security measures to prevent further unauthorized access.
The company has confirmed that they have fixed the immediate data issue and are working around the clock with internal security teams to secure their systems.
Tea’s leadership has emphasized that protecting users’ privacy and data is their highest priority, and they are taking every necessary step to ensure the security of their platform1.
The company has established a dedicated support channel at for users with questions or concerns about the breach.
For users who wish to delete their accounts, Tea has provided specific instructions and an alternative contact method.
The company has committed to transparency and promised to provide regular updates as more information becomes available about the full scope of the incident.
Find this Story Interesting! Follow us on LinkedIn and X to Get More Instant Updates.
.webp?w=356&resize=356,220&ssl=1 "Microsoft Teams Blocking Users from Accessing Embedded Office Documents")
