When a security breach compromised the Tea dating advice app‘s legacy storage systems on July 25, 2025, approximately 72,000 images belonging to female users were exposed to unauthorized access. The incident, detected at 6:44 AM PST, affected a significant portion of the app’s 4 million registered users who had verified accounts or actively posted content between 2022 and early 2024.
A major security breach at Tea dating app exposed 72,000 user images from legacy storage systems to unauthorized access.
The compromised data included 13,000 identity verification images consisting of selfies and government-issued identification documents. Users submitted these materials as part of Tea’s verification process, which required legal identification held next to their faces. The remaining 59,000 exposed images originated from in-app posts, comments, and direct messages shared within the platform’s community discussions.
Tea operates as a women-only application focused on dating advice and reviews rather than direct matchmaking services. Users post commentary about men and share personal dating experiences, creating a repository of sensitive personal information. The app’s recent explosive growth resulted in a waitlist of approximately 900,000 accounts, highlighting its popularity among female users seeking dating guidance. The platform prohibits screenshots as an additional privacy protection measure for its users.
The breach occurred through legacy data storage systems rather than the company’s current primary database. Archived verification data was retained longer than typical owing to ongoing law enforcement inquiries and compliance with cyberbullying prevention regulations. Preliminary examinations identified outdated security configurations as the primary vulnerability that facilitated unauthorized access. Small businesses facing similar breaches often experience devastating financial impacts, with 60% failing within six months of a cyberattack.
Following detection of suspicious activity, Tea immediately engaged third-party cybersecurity experts to examine the incident and secure their systems. The company issued statements promising improved security measures and committed to notifying affected users. Current findings indicate no evidence that phone numbers or email addresses were compromised in this specific breach. Users can perform phone number lookups and access background check features within the application.
The exposure creates substantial risks for affected users, including potential identity theft, harassment, and digital stalking. Leaked verification documents containing names, photos, and contextual details could facilitate malicious impersonation schemes.
This incident reflects broader trends affecting dating and social applications, where legacy systems and inadequate data protection create ongoing privacy vulnerabilities. Regulatory scrutiny continues increasing regarding how dating services store, protect, and dispose of sensitive user information.
