Privacy Betrayal: Dating App Tea Suffers Major Data Breach
In a stark reminder of the challenges in securing personal data, particularly within the dating app landscape, Tea, a platform marketed as a “dating safety” app for women, has suffered a significant data breach. This incident underscores the vulnerability of even those platforms that prioritize safety and privacy, leaving users exposed to potential harassment, identity theft, and emotional distress.
The breach comes years after the infamous Ashley Madison hack, which exposed the data of millions seeking extramarital affairs. This latest incident raises serious questions about the responsibility of companies handling sensitive user information.
What Happened?
The initial discovery was made by users on 4chan, who found a publicly accessible Firebase storage bucket containing Tea user data. The exposed information included a treasure trove of personal content, including:
- Selfies
- Photo identifications (IDs)
- Images from posts
- Images from comments
- Images from direct messages (DMs)
Tea confirmed that the breach involved unauthorized access to a legacy database, affecting approximately 72,000 images. This included 13,000 selfies and ID photos, along with 59,000 images from posts, comments, and messages belonging to users who signed up before February 2024.
The Breach Extends Beyond Images
Independent researcher Kasra Rahjerdi and further reporting revealed that the breach was even more extensive than initially reported. Approximately 1.1 million direct messages (DMs), spanning from early 2023 through July 2025, were also exposed. These DMs contained highly sensitive conversations about:
- Abortions
- Cheating
- Phone numbers
- Meeting information
- Other personal matters
Tea’s Response
In response to the breach, Tea disabled its DM system and took the affected messaging system offline. The company claimed that the data came from older systems not migrated to current secure infrastructure and that no email addresses or phone numbers were exposed. They also stated that only legacy users were affected.
The Real-World Impact
The Tea data breach is a serious issue, particularly given the app’s positioning as a safe space for women. The exposed data has already led to harassment and doxxing attempts, with victims’ faces and stories being circulated without their consent.
Unlike a generic social app, Tea specifically marketed itself as a “dating safety” platform, creating a reasonable expectation of enhanced privacy protections among its users. This breach represents a profound failure to uphold that promise.
Steps to Take if You Were Affected
If you’ve used Tea, it’s crucial to take immediate steps to protect your privacy and mitigate potential fallout.
- Identity Theft Protection: If your ID was part of the leak, you’re at risk of impersonation. Consider using an identity theft protection service to monitor your credit and financial records for suspicious activity. These services can alert you to new credit inquiries, account openings, or changes to your financial information.
- Data Removal Services: Leaked selfies or names can appear on people-search sites and other databases. A personal data removal service can help remove your personal information from the internet. While no service can guarantee complete removal, these services can continuously monitor and automate the process of removing your data from numerous sites.
- Update Passwords and Enable Two-Factor Authentication: Attackers often cross-reference usernames and reused passwords across different platforms. Update your passwords and enable two-factor authentication on all your accounts. Consider using a password manager to securely store and generate complex passwords.
- Beware of Phishing Attempts: After high-profile leaks, victims often receive threatening messages or phishing attempts. Do not respond to suspicious messages, click on any links, or provide any personal information. Report the message and block the sender. If you feel unsafe, contact local cybercrime authorities or a digital rights organization.
- Install Antivirus Software: Protect yourself from malicious links and phishing emails by installing robust antivirus software on all your devices. This software can also alert you to ransomware scams, safeguarding your personal information and digital assets.
- Reverse Image Search: Use reverse image search tools like Google Images or PimEyes to check if your face has been posted elsewhere online. If you find anything, document it, report it to the platform where it was shared, and avoid engaging directly with the person who shared it.
Filing a Complaint
If you believe your data was mishandled, you can file a complaint with:
- The Federal Trade Commission (FTC)
- Your state’s attorney general or data protection authority
This action can put pressure on the company to take responsibility and help prevent future data misuse.
The Bigger Picture
This breach highlights the need for stricter security standards for apps that handle sensitive data. When platforms promise privacy and provide a space for people to share intimate experiences, they have a responsibility to protect that data. The consequences of failing to do so can be devastating for users.