Excerpt from BleepingComputer Article, Published on July 28, 2025
The Tea app, a popular women-only dating safety platform, has experienced a critical data breach that has severely compromised user privacy. Initially, an unsecured Firebase storage bucket exposed approximately 72,000 images associated with the app. These images include 13,000 selfies and photo IDs submitted for identity verification, as well as 59,000 publicly viewable images from posts, comments, and direct messages. The breached data primarily affected users who registered before February 2024 and was stored in a legacy system that was not fully transitioned to newer security measures.
Worsening the situation, a second database leak has surfaced containing about 1.1 million private messages exchanged by users from early 2023 to recently. These chats include highly sensitive conversations on topics such as cheating partners, abortions, and personal phone numbers. A cybersecurity researcher revealed that any Tea app user could have accessed this private message data using their own API key, exponentially increasing the risk of exposure.
Tea app confirmed both breaches, took affected systems offline, and is working intensively with third-party cybersecurity experts and law enforcement to investigate and contain the incident. The company has assured users that no evidence points to access beyond the compromised systems. Additionally, it plans to offer free identity protection services to those impacted by the leaks.
What was designed as a safe space for women to share experiences about men has tragically transformed into a vulnerability, exposing sensitive personal information and sparking harassment, including the creation of sites where leaked selfies are rated publicly. This incident underscores the importance of robust data security, especially for platforms dealing with intimate user content.
To delve deeper into this topic, read the BleepingComputer article.
