The Tea app, which recently surged in popularity to become the top free app in the Apple App Store, was created to be a virtual whisper network for women. It allowed users to share information and rate their experiences with men, creating what was intended to be a secure community. To ensure the user base was comprised of women, the app required new members to verify their identity by submitting selfies and, in some cases, government IDs, promising anonymity and that this verification data would be deleted after review.
A significant security failure has shattered this promise of safety. A spokesperson for Tea confirmed that hackers breached their systems, accessing a database containing approximately 72,000 images. This cache included around 13,000 highly sensitive verification photos and images of government-issued IDs. The company stated the compromised data was from a database more than two years old that was kept “in compliance with law enforcement requirements related to cyberbullying prevention,” a practice that contradicts its public-facing privacy claims.
The breach appears to be a targeted attack, following a call for a “hack and leak” campaign on the message board 4Chan by users angered by the app’s premise. Shortly after, a user on the platform posted a link allegedly containing the stolen database. Subsequently, troves of the leaked photos began appearing on 4Chan and X, and a user-created Google Map surfaced that purports to show the geographic locations of affected Tea users, further escalating the privacy violation.
In response to the crisis, the Tea spokesperson confirmed the company became aware of the incident early Friday and has taken immediate action. They have reportedly hired third-party cybersecurity experts and are “working around the clock to secure our systems.” The company issued a statement emphasizing that protecting user privacy is their highest priority and that they are taking every necessary step to secure the platform and prevent any further data exposure.
The incident serves as a stark reminder of the vulnerabilities inherent in platforms that collect sensitive personal data, even those built with the intention of creating a secure environment. For the tens of thousands of women who trusted the Tea app with their identity to find a safe community, the leak has turned a promised sanctuary into a source of public exposure and potential danger, fundamentally undermining the app’s core mission of protecting its users.
Reference:
