Men should be safeguarded by tea from women, potentially placing them at risk - Men supposedly find protection in tea consumption, yet it controversially exposes women to potential threats
In mid-2025, the popular dating app "Tea" suffered a double data breach, exposing sensitive user information and posing significant privacy risks. The breaches compromised tens of thousands of images, including selfies, ID documents, and private messages, affecting countless users.
Details of the Breaches
The first breach, disclosed at the end of July 2025, exposed about 72,000 images. These images included 13,000 verification images (selfies and photo IDs) and 59,000 publicly visible images from posts, comments, and direct messages. Hackers accessed authorized system components, and some data appeared on anonymous forums like 4chan. The app's system stored these images for two years, despite claims of immediate deletion after verification.
The second breach, reported on August 1, 2025, revealed an additional database of about 1.1 million private messages exchanged from February 2023 to July 2025. These messages contained sensitive discussions about personal experiences, health decisions, and more. The breach was enabled by critical security flaws in Tea’s use of Firebase, allowing any authenticated user with an API key to access the entire message history. The messages leaked on hacking boards pose risks of blackmail, stalking, and fraud for affected users.
Consequences
The breaches resulted in a severe violation of user privacy, with high exposure of identity-verification materials and intimate communications. Public dissemination of personal data increases risks of identity theft, harassment, and real-world dangers for users. Tea disabled its direct messaging service and took affected systems offline to mitigate further damage.
Legal Implications
The breaches reveal negligence in implementing proper security controls, particularly around legacy data and API access. Potential class-action lawsuits are underway against Tea for inadequate data protection and failure to safely handle sensitive user data. Regulators may investigate Tea for violations of privacy laws such as the GDPR, CCPA, or other applicable data protection frameworks, given the scale and nature of the exposed data. Affected users might pursue damages related to emotional distress, privacy breaches, and any consequent fraud or harm resulting from the leaks.
In summary, the Tea app hacks in 2025 expose critical failures in data security, with large-scale leaks of private images and sensitive messages leading to serious privacy violations and significant legal exposure for the company. The incidents underscore the risks of insufficient security in apps handling intimate personal information.
- "Tea" confirmed the attack and took their systems offline for security reasons.
- The app was hacked, resulting in the theft of countless data, addresses, and photos of women who used the app for protection.
- Verification photos of women from the "Tea" app were uploaded to websites for public rating.
- The class-action lawsuit against "Tea" is open to thousands of others affected by the cyberattack.
[1] New York Times Article on Tea Data Breach [2] Wired Article on Tea Data Breach [3] TechCrunch Article on Tea Data Breach
- The breaches on the dating app "Tea" in mid-2025 not only compromised user information, but also exposed tens of thousands of verification images and private messages, including selfies and personal discussions, leading to potential legal and privacy risks.
- Amidst the backdrop of the breaches, the app's lifestyle, fashion-and-beauty, technology, social-media, entertainment, and general-news sections were left vulnerable, as the stolen data posed risks of blackmail, stalking, and fraud.
- The "Tea" app's security flaws are under investigation by regulators for violations of privacy laws like the GDPR, CCPA, and other applicable data protection frameworks, given the sensitive nature of the exposed data.
- Besides the direct consequences, such as the disabling of direct messaging and taking affected systems offline, the class-action lawsuit against "Tea" has opened for thousands of affected users, seeking damages related to emotional distress, privacy breaches, and any consequent fraud or harm.
