A women’s dating safety app that promised privacy is now facing backlash after two back-to-back breaches exposed deeply personal data, from selfies to sensitive conversations.
A viral dating safety app designed for women, Tea, has experienced two significant data breaches in quick succession. The breaches exposed highly sensitive user information, including selfies, identity documents, and over a million direct messages.
The first breach involved an exposed Firebase database containing user selfies and ID images, which later appeared on image boards. The second breach, discovered by security researcher Kasra Rahjerdi and verified by 404 Media, involved a separate, more recent database that included private user conversations.
Tea users shared personal details in these messages, including discussions of abortions, cheating partners, and other sensitive conversations. Many had also included identifying information like phone numbers and social media handles.
Despite Tea’s anonymous user setup, real identities were easily uncovered due to the nature of these conversations.
The app briefly responded to the first breach by stating it involved outdated data and that no current user data was affected. However, the second breach reportedly included messages sent as recently as the week of disclosure.
Following publication of the findings, Tea took its direct messaging feature offline and stated it had launched a full investigation with outside cybersecurity firms. A public statement noted the company was working to contain the incident and had contacted law enforcement.
Users take Tea to task, lawsuits begin rolling in
The exposed data was later used by outside actors to create a ranking site where leaked selfies were compared and rated, adding further distress for affected users. Tea had required selfie verification to ensure only women accessed the platform — a measure that backfired in light of the breach.
As a result, a California woman named Griselda Reyes filed a class action lawsuit against Tea, citing the company’s failure to safeguard personally identifiable information. The lawsuit, filed by a firm specializing in data breaches, alleges the incidents were preventable and that victims were not directly notified.
The lawsuit highlights a broken sense of trust for many women who joined Tea believing it was a safer alternative in the online dating space. The law firm handling the case, Cole & Van Note, suspects more suits will be filed against Tea.
Tea is still available on the iOS App Store, ranking as number one in lifestyle at time of publication, and number 4 in the top free apps.
