FILE – The Tea app logo displayed on a smartphone screen. The women-only dating safety app is facing mounting backlash after a data breach exposed thousands of user images, sparking concerns over privacy, online harassment, and how the leaked content (Photo Illustration by Thomas Fuller/SOPA Images/LightRocket via Getty Images)
LOS ANGELES – Tea, the women-only dating safety app that surged to the top of the App Store this month, is now facing growing backlash—not only for a massive data breach, but for how the exposed information is being misused online.
In the days following the leak of 72,000 images, internet trolls reportedly created a now-deleted website where users could view and rate women whose selfies were among the stolen files. A separate map, still circulating online, allegedly plots locations tied to those same leaked photos—raising new fears about stalking and real-world targeting.
Why some say this wasn’t a hack
The backstory:
Tea confirmed in a statement that an old database containing approximately 72,000 images—including 13,000 selfies and photo IDs—was accessed without authorization. The company blamed the breach on a “legacy data storage system” that had not been properly secured.
But multiple reports argue this wasn’t a traditional hack. According to 404 Media, which first broke the story, the breach was discovered by users on 4chan who accessed the files through a publicly available URL. The site reported, “a URL the 4chan user posted included a voluminous list of specific attachments associated with the Tea app… that page was locked down, and now returns a ‘Permission denied’ error.”
In a TikTok video posted July 26, software engineer and content creator Frank Niu echoed that sentiment, saying the situation was less a hack and more “poor programming.”
“They used no security measures whatsoever and anyone could have found this information pretty easily,” Niu said.
Tea said the archived data was kept online “in accordance with law enforcement requirements related to cyber-bullying investigations,” but acknowledged it should have been moved to “a new fortified system.”
What we know:
Tea confirmed:
- The exposed images included selfies, photo IDs, and app content from posts and messages.
- Only users who signed up before February 2024 were affected.
- No email addresses or phone numbers were exposed, per the company.
Tea says it is working with third-party cybersecurity experts and has implemented new security measures.
What we don’t know:
It’s still unclear:
- Whether impacted users will be notified directly.
- If Tea will offer assistance with identity protection or credit freezes.
- Whether the leaked data is still being redistributed or used elsewhere.
Tea has advised concerned users to reach out to support@teaforwomen.com.
Weaponizing the leak: The site, the map, and the backlash
What they’re saying:
Shortly after the breach, a website appeared at spill.info.gf, where users could allegedly browse leaked Tea user selfies and rate them. The domain has since gone offline, but not before drawing backlash across social media.
On X, creator Brian Atlas posted: “There’s now a site where you can search every girl on the Tea app and rate them,” linking to the page.
Separately, The New York Times reported that a Google Map had surfaced online showing coordinates extracted from the leaked photos. While the map did not contain names, the Times noted it could not verify whether the locations were accurate or linked to specific users.
Meanwhile, a columnist for The Times of London described Tea as a “man-shaming site,” writing: “This is simply vigilante justice, entirely reliant on the scruples of anonymous women. With Tea on the scene, what man would ever dare date a woman again?”
Aaron Minc, an attorney who specializes in online defamation and harassment, told Reuters, “Over the last couple of weeks, we’ve gotten hundreds of calls on it. It’s blown up. People are upset. They’re getting named. They’re getting shamed.”
Big picture view:
Tea’s mission was to protect women from unsafe dates by letting them share anonymous reviews of men they’ve encountered. But the very verification process designed to ensure user safety—uploading selfies and photo IDs—has now made some users targets.
According to Tea’s privacy policy, verification photos are “securely processed and stored only temporarily.” However, the company said the breached dataset included older images that were archived to comply with law enforcement guidance on cyberbullying.
While Tea insists “there is no evidence to suggest that photos can be linked to specific users within the app,” the real-world risk looms large. The leak has sparked concerns about identity theft, doxxing, deepfakes, and harassment.
Some critics say Tea’s rapid growth—4 million users and a 525% spike in downloads in one week, according to Sensor Tower—may have outpaced its infrastructure.
What’s next:
Tea says the vulnerability has been fixed, and that new security protocols are in place. But the company has not said whether it will take further steps to support the women affected by the breach.
Users who suspect their data was compromised are being urged to:
- Contact Tea support directly
- Consider replacing photo IDs
- Freeze their credit and monitor for identity theft
The full scope of the breach, and how widely the data has spread, is still being investigated.
The Source: This report is based on confirmed statements from Tea, reporting from 404 Media, CNET, The New York Times, and Reuters. Quotes were sourced directly from published articles or public social media posts, including a tweet by Brian Atlas and commentary from attorney Aaron Minc via Reuters. TikTok commentary by Frank Niu was viewed on his verified account and referenced with direct attribution. Additional legal context was provided by Bloomberg Law and The Times of London.
