In a notable data breach involving the women-only dating app Tea, over 72,000 images, including approximately 13,000 selfies and photo ID submissions, were exposed, raising serious concerns regarding user privacy and security. The breach, disclosed on July 25, 2025, came shortly after the app’s viral popularity, which saw it reach the top position in the Apple Store in mid-2025, thereby increasing the potential victim count considerably.
The nature of the exposed data is alarming, as it included not only submitted selfies but additionally users’ identification cards used for account verification. These selfies and personal identification documents are particularly sensitive, presenting substantial risks of identity theft when made available publicly. Reports indicate that the affected images originated from an unsecured database on Google Firebase, which was accessible without authentication, granting indiscriminate access to hackers. Users experiencing high data usage from their devices could have been an early warning sign of the breach.
Following the breach, a myriad of images appeared on the hacking forum 4chan, where users began sharing and searching for others’ selfies and identification documents. The lack of email addresses or phone numbers in the exposed data provides a limited scope for personal identifiable information; yet, the inclusion of sensitive biometric images raises serious doxxing concerns. Additionally, the breach involved archived data from before 2024, further complicating the situation as many users unknowingly have their information at risk.
Affected individuals face potential threats to their privacy and personal safety as images circulate freely across the internet. Tea’s user base includes over 4 million registered users, with this breach stringently affecting those who signed up prior to February 2024. The app had been perceived as a safe platform, largely due to its commitment to user privacy, making this breach particularly disconcerting for users.
In response, the company hired third-party cybersecurity experts to examine the breach, assuring users that no additional personal contact details were compromised. Improved security measures were afterward implemented to fortify user privacy.
As Tea navigates the repercussions of the breach, user trust remains a critical factor in its future. Although the company has established protocols to protect its users, the implications of the incident underscore the persistent vulnerabilities inherent in digital identity verification systems and the profound risks posed by data breaches in increasingly popular applications.
