Tea App Breach: On July 25, 2025, a massive data breach struck Tea, a women-only dating safety app that recently surged to the top of the Apple App Store. Hackers exposed around 72,000 user images, including 13,000 selfies and government-issued IDs used for identity verification. The breach stemmed from an unprotected Firebase database on Google’s infrastructure, allowing unauthorized access to sensitive information. Malicious actors on 4chan and X shared torrents containing up to 60GB of data, including private messages, user posts, and GPS coordinates linked to user profiles.
Tea, a platform created as a secure “whisper network” for women to exchange insights about men in the dating world, requires selfies and IDs to maintain a female-only space. With over 1.6 million users and nearly a million new registrations, the app’s rapid growth amplified the breach’s impact. The exposed data, stored in an outdated system from over two years ago, included driver’s licenses and personal photos, raising fears of identity theft and privacy violations.
Tea’s team acknowledged the incident and is working with cybersecurity specialists to investigate and mitigate further risks. The breach has drawn sharp criticism for the app’s lax security measures, with experts warning about the dangers of storing sensitive data on poorly secured servers. Users are advised to monitor for leaked information and consider identity protection services. This incident highlights the critical need for robust cybersecurity in apps handling personal data, especially those designed to foster trust and safety in vulnerable communities.