Tea, an app designed to let women safely discuss men they date, has been breached, with thousands of selfies and photo IDs of users exposed, the company confirmed on Friday.
Tea said that about 72,000 images were leaked online, including 13,000 images of selfies or selfies featuring a photo identification that users submitted during account verification. Another 59,000 images publicly viewable in the app from posts, comments and direct messages were also accessed without authorization, according to a Tea spokesperson.
No email addresses or phone numbers were accessed, the company said, and the breach only affects users who signed up before February 2024.
“Tea has engaged third-party cybersecurity experts and are working around the clock to secure its systems,” the company said. “At this time, there is no evidence to suggest that additional user data was affected. Protecting tea users’ privacy and data is their highest priority.”
Tea presents itself as a safe way for women to anonymously vet men they might connect with on dating apps such as Tinder or Bumble — ensuring that your date is “safe, not a catfish, and not in a relationship.”
RELATED STORY | Aflac breach may have exposed Social Security numbers, personal data
“Tea is a must-have app, helping women avoid red flags before the first date with dating advice, and showing them who’s really behind the profile of the person they’re dating,” reads Tea's app store description.
404 Media, which earlier reported the breach, said it was 4Chan users who discovered an exposed database that “allowed anyone to access the material" from Tea.
“While reporting this story, a URL the 4chan user posted included a voluminous list of specific attachments associated with the Tea app. 404 Media saw this list of files. In the last hour or so, that page was locked down, and now returns a “Permission denied” error,” 404 Media reported Friday.
Tea said in an Instagram post this week that it has reached 4 million users.
