The popular dating app Tea, designed exclusively for women, has come under scrutiny following a significant data breach that exposed sensitive user information. On July 25, 2024, an unsecured database containing tens of thousands of records was discovered, raising concerns about user privacy and safety. The breach did not involve the Tea platform itself but rather a compromised legacy data storage system that housed user data prior to February 2024.
Tea, which has become a sensation in recent months, requires women to verify their identity through selfies and photo identification. This process aims to facilitate anonymous conversations about men they may be dating, helping users avoid potentially harmful interactions. The app has recently surged in popularity, becoming the top free application in the Apple App Store with over 2 million downloads and gaining traction in the Android market.
The breach has drawn attention from various quarters, including criticism from some men who perceived the app as a threat. Following this, anonymous users on message boards such as 4chan called for the app to be hacked, leading to the discovery of the exposed database. The database contained approximately 72,000 images, including around 13,000 selfies and photo IDs submitted for account verification, alongside about 59,000 images from user interactions within the app.
In a statement on its website, Tea acknowledged the breach and clarified that while email addresses and phone numbers were not compromised, the unsecured database should have been adequately protected. The company admitted that it failed to migrate the database to a more secure system in a timely manner.
“The dataset was archived to comply with law enforcement requirements related to cyber-bullying prevention,” the company stated. They emphasized that the information had been kept longer than intended due to these regulations, which ultimately led to its exposure. The app’s privacy policy indicates that users are required to submit a selfie during the registration process, which is supposed to be securely processed and deleted immediately after verification. However, the breach revealed that sensitive information had not been adequately handled.
As a result of this incident, women who registered for the app before February 2024 may be at risk. While the total user base exceeds 4 million, reports suggest that only a few thousand have been directly affected by the breach. Nonetheless, the implications for those users are serious. The exposure of selfies and IDs increases the potential risk of identity theft and harassment, with individuals possibly using this information for malicious purposes, including stalking or deepfake campaigns.
It remains unclear whether Tea will directly inform impacted users about the breach. Instead, the company has encouraged users with concerns to contact their support team at [email protected]. In response to the incident, Tea stated, “We have engaged third-party cybersecurity experts and are working around the clock to secure our systems.” They also noted that additional security measures have been implemented to prevent further occurrences.
The company has urged users to be proactive, suggesting that those who suspect they may have been affected should consider measures such as replacing their identification, freezing their credit, or exploring identity theft protection services. As the investigation continues, the focus remains on ensuring the safety and privacy of Tea’s users, which the company identifies as its top priority.
