Tea App Data Breach Exposes Sensitive Images

Tea Dating Advice confirmed a July 2025 breach affecting 4,244 users, exposing sensitive PII, identity documents, and private images, raising concerns over larger-scale data exposure.
Tea App Data Breach Exposes Sensitive Images
Table of Contents
    Add a header to begin generating the table of contents

    The Tea Dating Advice app, once promoted as a “secure” female-only space for women to share sensitive dating experiences, has disclosed details of a significant data breach. The platform has begun issuing breach notification letters to affected users, one month after reports surfaced of its compromise.

    According to Tea, just 0.1% of its user base—about 4,244 women out of more than four million registered accounts—were directly impacted. However, the extent of the exposure and the sensitivity of the data involved suggest the true impact may reach far wider than initially disclosed.

    Breach Notification and Initial Findings

    Tea confirmed that its systems were breached twice in 2025, with the latest incident detected in July. The company acknowledged that attackers infiltrated one of its legacy data storage systems that contained both personal data and sensitive images.

    The breach notification letter outlined that multiple forms of personally identifiable information (PII) may have been compromised, including:

    • Dates of birth
    • Driver’s license numbers
    • Passport numbers
    • Government identification numbers

    This exposed data provides cybercriminals with the opportunity to commit identity theft, financial fraud, or launch targeted phishing campaigns. The company added in its disclosure:

    “There are indications of unauthorized access to most or possibly all the records in the file storage location.”

    Sensitive Images Among the Exposed Data

    The compromised storage system contained a variety of images used to verify accounts and support platform features. Among the exposed records were:

    • Approximately 13,000 selfies and identity verification photos submitted by new users
    • Around 59,000 images that were publicly accessible through the app

    The app was designed to let women upload sensitive information and images related to men they were dating, often to flag potentially harmful behavior. Following the breach, it became clear that attackers gained access to highly personal content.

    Independent security researchers told 404 Media that hackers may have accessed far more than what Tea has disclosed. This could include private conversations on topics such as infidelity, abortions, and sensitive personal details like phone numbers.

    Broader Implications of the Breach

    While Tea has publicly stated the number of affected users remains small, cybersecurity experts caution that the true scope of the breach may be larger. If unauthorized actors indeed accessed the full file storage environment, attackers could possess far more sensitive user content and platform data than officially confirmed.

    The application, which was taken offline after the second breach, allowed women to:

    • Share private information about men to warn others about potential risks
    • Upload photos of men to identify scammers or unfaithful partners
    • Conduct background checks for criminal records
    • Access a database of registered sex offenders

    This functionality meant the system stored not only traditional PII but also private relationship data that, if leaked, could cause significant reputational and personal harm to its users.

    Investigation and Security Concerns

    The company maintains that its investigation into the July 2025 breach is still ongoing. However, the fact that attackers gained access to a legacy storage system has raised questions about Tea’s overall data security practices. Enterprises watching this case note the risk of legacy systems becoming weak links in cybersecurity architecture, especially when storing unencrypted or poorly segmented sensitive data.

    While Tea stated that the malicious activity has subsided since the breach was discovered, affected devices and compromised data remain at risk. The potential misuse of stolen government IDs and sensitive documents underscores the severity of the breach.

    Related Posts