.png){kind=logo}
A major data breach has compromised the safety and privacy of users on Tea, an anonymous dating app designed for women. Cybersecurity reports indicate that hackers accessed over 72,000 user images, including selfies and images of government-issued IDs.
The recent breach was discovered by independent security researcher Jeremiah Fowler, who exposed a 21.4 GB database that was left unprotected. The data was found on a misconfigured server that lacked both a password and encryption. According to reports, the breach includes sensitive information such as facial photos, screenshots of conversations, driver's licenses, and national identity cards.
Tea launched in 2023 as a safe and anonymous platform for women seeking genuine connections. The app emphasizes privacy and female empowerment. However, the recent security incident has raised significant concerns. It revealed that hackers were able to steal user IDs and selfies by exploiting an unprotected server. This incident undermines Tea's fundamental claims and raises doubts about the platform’s security protocols.
Fowler said that the leaked data could easily be connected to real-world identities. "This type of personal data, especially in the context of a dating app, is highly sensitive," he said. "It puts users at risk of identity theft, stalking, and online harassment."
The exposed server was left in this vulnerable state for quite some time, which allowed people to download and potentially misuse the data. Cybersecurity analysts have not yet determined who is responsible for the attack or if the data has been sold on the dark web.
Tea hasn’t yet commented publicly on the matter. Attempts by the media to reach the company have gone unanswered. It also remains unclear whether affected users have been informed.
Experts are already criticizing Tea for failing to protect user information, especially when it involves personal and intimate details. "For a platform that claims to empower women, neglecting basic security is unacceptable," said Lisa Grant, a digital privacy advocate.
According to Grant, these issues are occurring more frequently in niche social apps that rapidly expand without sufficient backend security in place. "Startups usually go for user acquisition and features, but forget that trust is established through data protection," she added.
Also Read: 10 Best Dating Apps In India
Regulatory bodies may soon be involved. According to data protection laws in several jurisdictions, including the EU's General Data Protection Regulation (GDPR), companies are required to inform users about breaches and to take immediate corrective actions.
In response, cybersecurity professionals recommend that affected users monitor their accounts, change their passwords, and stay alert for potential phishing attacks. It may also be helpful to consider identity theft monitoring in these situations.
The Tea dating app data breach gives a sharp impetus for reinforcing privacy threat considerations faced by users when disclosing personal data online, even on platforms that claim to offer anonymity. This incident highlights the urgent need for robust privacy protections, responsible data management, and prompt transparency in the event of a breach.
With no official response from Tea yet, nobody appears to be able to guarantee the safety or trust of their information before the platform attempts to regain it.
