Major Data Breach at Women-Only Dating Safety App Tea: Images and Messages Leaked

TL;DR

The women-only dating safety app, Tea, experienced a significant data breach exposing approximately 72,000 images and 1.1 million sensitive messages. The breach was due to an unsecured Firebase storage bucket, impacting users who signed up before February 2024. The company has since taken measures to secure the data and is working with cybersecurity experts to mitigate further risks.

Major Data Breach at Women-Only Dating Safety App Tea

Tea, a women-only dating safety app launched in 2023, recently faced a significant data breach that exposed sensitive user data. The app, which allows users to assess and review potential partners using real-time safety tools, has over 1.6 million members in the U.S. The breach impacted members who signed up before February 2024, exposing approximately 72,000 images and 1.1 million sensitive messages.

Details of the Data Breach

The security breach at Tea compromised a legacy data storage system, resulting in unauthorized access to a dataset that included:

• Approximately 13,000 selfies and photo identification submitted by users during account verification.
• Around 59,000 images publicly viewable in the app from posts, comments, and direct messages.

No email addresses or phone numbers were accessed, and only users who signed up before February 2024 were affected ¹.

Company Response

Tea acted swiftly upon discovering the breach, launching a full investigation with the assistance of external cybersecurity experts. The company initially downplayed the risks, claiming that the breached photos could not be linked to posts within the app. However, the situation worsened with the leak of a second database containing 1.1 million private user messages, which included sensitive topics such as abortion and infidelity ².

Cybersecurity Implications

The breach highlighted significant cybersecurity concerns, particularly the use of an unsecured Firebase storage bucket to store user data. This vulnerability was exploited by an anonymous user who posted on 4chan, sharing a Python script to extract data from the app’s storage. The leak exposed over 59 GB of data, affecting users who joined before 2024 ³.

Ongoing Investigations and Security Measures

Tea has taken several measures to address the breach:

• Disabling Direct Messages: The company has temporarily disabled the direct messaging functionality as a precaution.
• Securing the System: The affected system has been taken offline to prevent further unauthorized access.
• External Assistance: Tea is working with cybersecurity firms and law enforcement to investigate the incident and enhance security measures ⁴.

Conclusion

The data breach at Tea underscores the importance of robust cybersecurity measures in protecting sensitive user data. As the company works to mitigate the risks and secure its systems, users are advised to stay vigilant and monitor for any potential misuse of their information. The incident serves as a reminder for all apps handling sensitive data to prioritize security and user privacy.

Additional Resources

For further insights, check:

• Tea’s Official Data Breach Notification
• BleepingComputer’s Report on the Tea App Leak
• 404Media’s Coverage of the Tea Breach

References

1. Tea (2025). “Data Breach Notification”. Tea for Women. Retrieved 2025-07-29. ↩︎

2. BleepingComputer (2025). “Tea App Leak Worsens with Second Database Exposing User Chats”. BleepingComputer. Retrieved 2025-07-29. ↩︎

3. 404Media (2025). “A Second Tea Breach Reveals Users’ DMs About Abortions and Cheating”. 404Media. Retrieved 2025-07-29. ↩︎

4. Tea (2025). “Update on Cyber Incident”. Tea for Women. Retrieved 2025-07-29. ↩︎