The women-only dating app "Tea" recently suffered a massive hacking attack, resulting in the leak of approximately 72,000 user images. The app, designed to allow women to anonymously share their dating experiences with men, requires thorough identity verification, raising security concerns.
Tea officially acknowledged the hacking in an interview with Reuters on July 26, stating that of the leaked images identified so far, approximately 13,000 were user authentication data such as IDs and selfies, while approximately 59,000 were images included in posts, comments, and direct messages (DMs). The company explained that the damage was limited to subscribers before February 2024, and added that no direct personal information such as email addresses or phone numbers was exposed.
However, the situation is spreading out of control as hackers share the leaked data on online communities such as 4chan. One user posted, “Data including driver’s license and face photos have been exposed, so please check quickly,” and then deleted the post. Some of the images have also reportedly spread to X (formerly Twitter).
Security experts have raised concerns about Tea's database, stored on Google Firebase, being exposed, potentially allowing sensitive personal information to be easily leaked. Tea explained that the data was retained for two years for cyberbullying and law enforcement purposes.
This incident goes beyond a simple information leak and threatens women's online safety. Tea is an app designed to allow users to exchange information about men through background checks, reverse-search photos, and sharing risky behavior. Only women who have verified their identities can join, and all activities are anonymous. While screenshot storage was technically blocked, the hacker appears to have bypassed this and obtained the data.
Tea founder Sean Cook said he developed the app after his mother was scammed online, and has focused on women's advocacy, donating 10% of all profits to domestic violence support organizations in the United States.
Nevertheless, this incident has significantly shaken user trust. Some users have expressed privacy concerns through Instagram and other platforms, and Tea has issued an apology and announced that it will provide free identity protection services to the victims. Furthermore, to counter the hack, the company has hired cybersecurity experts and taken relevant systems offline.
This incident serves as a reminder of the importance of security and user protection systems that dating apps must adhere to. While Tea stated that it is "doing everything it can to protect this community," rebuilding trust will likely take time.
