Tea, a women-focused dating advice platform, has confirmed a significant data breach - approximately 72,000 images, including selfies and photo IDs used for verification, were accessed by malicious actors. The breach affected users registered prior to February 2024, while no email addresses or phone numbers were exposed.
Tea’s management acknowledged the breach detected following a report from 404 Media and promptly engaged independent cybersecurity experts to secure systems and conduct a full investigation. The exposed images comprised nearly 13,000 selfies and ID photos used in account verification and around 59,000 images from user submissions – including posts, comments, and direct messages.
The platform is designed for verified female users to post anonymous reviews of men they’ve encountered, providing a Yelp‑like experience aimed at promoting safety and transparency in dating. As its user base surged to over two million access requests, the volume of sensitive image data at risk increased substantially. Though the app deletes user selfies after verification, some of that data persisted in older pre-2024 storage systems, which hackers targeted. Tea emphasized that no contact or login data was compromised.
Tea, which allows verified women to anonymously review their dating experiences with men in a format similar to Yelp, has recently seen a surge in popularity. According to a recent Instagram update from the company, over two million new user requests have been made in just the past few days. Critics warn that while Tea’s model aims for protection – and may be able to provide it properly for newer users – this older data raises serious legal risks, especially given Tea’s nature as a platform built around anonymous thoughts, confessions and stories related to real-world relationships and dating choices.
