Tea app. Credit: Instagram @theteapartygirls
Women’s-only Tea app suffers major data breach, with hackers leaking thousands of sensitive images and IDs online, sparking global privacy concerns.
A major security breach has rocked the viral women’s-only Tea app, with hackers reportedly leaking more than 13,000 selfies and government ID photos online – most of which belonged to women seeking a safer online space.
Tea, designed as a platform for women to flag toxic behaviour from men, confirmed on July 25, that hackers had breached a database containing over 72,000 images, including verification selfies and ID scans from its user base.
The platform, which recently topped the Apple App Store rankings, rose to popularity for allowing users to anonymously search, rate, and comment on men – labelling them “red flags” or “green flags.”
“Protecting our users’ privacy and data is our highest priority. Tea is taking every necessary step to ensure the security of our platform and prevent further exposure,” a Tea spokesperson told NBC News.
How was the Tea app hacked?
The leak appears to have been coordinated via a 4Chan thread, with users calling for a “hack and leak” campaign against the app. On Friday morning, a 4Chan user posted a downloadable link to the stolen image database, and identification photos quickly began circulating on both 4Chan and X.
Tea has blamed the breach on an old database, originally created in line with cyberbullying prevention requirements. Despite this, user selfies were supposed to be deleted after verification, and screenshots of in-app content were blocked.
The platform’s creator, Sean Cook, has previously stated that Tea was inspired by his mother’s traumatic online dating experiences, including unknowingly dating men with criminal records.
Tea users’ messages and locations also compromised
On July 28, 404 Media reported that a second vulnerability had allowed access to over 1.1 million direct messages (DMs), some of which contained highly personal information that could identify users.
“As part of our ongoing investigation… we have recently learned that some direct messages (DMs) were accessed,” Tea confirmed to NBC News, adding that the affected system had since been taken offline.
Cybersecurity researcher Kasra Rahjerdi, who discovered the DM breach, said others had accessed the database before him, though it remains unclear if they downloaded the data.
Additionally, Google Maps was used to share a map showing supposed Tea user locations linked to the leak. Notably, the coordinates were anonymous and did not include names.
The company says it is identifying affected users and will offer free identity protection services. Tea also claims to donate 10 per cent of its profits to the National Domestic Violence Hotline, which confirmed the company as a legitimate donor to NBC News.
View all technology news.
View all lifestyle news.
