Ethical Hacking News
Tea, a popular women-only dating safety app, has been hacked, exposing thousands of users' personal data, including images, posts, and comments. The breach occurred in July 2025 and affected around 72,000 images and 1.1 million user messages. Tea is working to strengthen its security measures and prevent similar breaches in the future.
Tea, a women-only dating safety app, was compromised by hackers in July 2025, exposing the personal data of thousands of users. The breach affected over 1.6 million members in the United States and included images, posts, and comments of affected users leaked online. The app's approach to user verification and potential defamation raised criticism before the breach. The breach was caused by unauthorized access to a legacy data storage system prior to February 2024. Contact details such as email addresses or phone numbers were not accessed in the breach, but only users who signed up before February 2024 were affected. The company is working to strengthen its security protocols and mitigate potential risks after acknowledging the gravity of the situation.
Tea, a women-only dating safety app launched in 2023, has been compromised by hackers, exposing the personal data of thousands of users who shared anonymous "red flag" reports on men. The breach, which occurred in July 2025, saw images, posts, and comments of affected users leaked online.
The app, designed to assist women in assessing and reviewing potential partners using real-time safety tools, has over 1.6 million members in the United States. Its features include a reverse image search tool, phone lookups, and background checks to assess potential partners. Users can also participate in anonymous group chats for sharing dating experiences in a moderated, private space.
However, despite its safety-oriented design, Tea faced criticism from some quarters regarding its approach to user verification and the potential for defamation. The app required ID verification, but stored user data in an unsecured Firebase bucket, making it vulnerable to exploitation by hackers.
According to a statement published by the company, the breach was caused by unauthorized access to a legacy data storage system prior to February 2024. This dataset included approximately 72,000 images, including selfies and photo identification submitted by users during account verification. Additionally, around 59,000 images publicly viewable in the app from posts, comments, and direct messages were also exposed.
Fortunately, contact details such as email addresses or phone numbers were not accessed in the breach, although only users who signed up before February 2024 were affected. Following the discovery of the data breach, Tea took swift action to contain the incident and launched a full investigation with external cybersecurity firms.
The company claimed that the breached photos "can in no way be linked to posts within Tea", but some experts have raised concerns about the potential risks associated with this statement. BleepingComputer reported that hackers were able to leak a second database containing 1.1 million private user messages, further exacerbating the breach's impact.
The leaked data included sensitive topics such as abortion and infidelity, which may pose risks for affected users. It has been discovered that any user with an API key could access this data, highlighting the need for improved security measures to prevent similar breaches in the future.
In light of these revelations, Tea has acknowledged the gravity of the situation and is working closely with cybersecurity experts to strengthen its security protocols and mitigate potential risks. The company's efforts have included fixing a flaw that exposed user data and enhancing its defenses to prevent further breaches.
As this incident highlights the vulnerabilities of even safety-focused apps, it serves as a reminder for users to exercise caution when sharing personal data online and to demand greater transparency from companies regarding their data protection measures.
Related Information:
https://www.ethicalhackingnews.com/articles/Hacking-a-Haven-The-Exploitation-of-Tea-A-Womens-Dating-Safety-App-ehn.shtml
https://securityaffairs.com/180539/data-breach/hackers-leak-images-and-comments-from-women-dating-safety-app-tea.html
Published: Tue Jul 29 15:03:10 2025 by llama3.2 3B Q4_K_M
