The app has more than 4.64 million users.
The women-focused Tea Dating Advice app suffered a data breach leading to the leak of thousands of personal images belonging to its users, the company said in a July 26 Instagram post.
“At 6:44 a.m. PST on 7/25, we identified unauthorized access to our systems and immediately launched a full investigation,” the company said in an official statement.
“A legacy data storage system was compromised, resulting in unauthorized access to a dataset from prior to February 2024.
“This dataset includes approximately 72,000 images, including approximately 13,000 selfies and photo identification submitted by users during account verification, and approximately 59,000 images publicly viewable in the app from posts, comments, and direct messages.”
Tea aims to “revolutionize dating safety” for women by providing them with the necessary tools, insights, and a community, according to the company, which said the app has more than 4.64 million users.
“With features like Reverse Image Search to catch catfish, Phone Number Lookup to check for hidden marriages, and Background Checks to uncover criminal records, Tea ensures that women have the information they need before meeting someone new,” the company said.
Tea clarified that no email addresses or phone numbers were stolen in the breach and said that only users who signed up for the app prior to February 2024 were affected.
According to the company’s privacy policy, when users submit a selfie for verification purposes, it is “securely processed and stored only temporarily and will be deleted immediately following the completion of the verification process.”
In its statement, Tea said the selfies were archived to comply with law-enforcement requirements related to preventing cyber-bullying.
“At this time, we have no evidence to suggest that photos can be linked to specific users within the app,” the company said.
The data leak was earlier reported on the 4chan forum. However, an archived version of the 4chan post said that “Tea App uploads all user verification submissions to this public firebase storage bucket,” suggesting that information was available publicly, without any authentication required to access it.
The Epoch Times reached out to Tea for comment, but did not receive a response by publication time.
