The Tea app, a rapidly growing platform designed as a virtual whisper network for women to share information about men, has confirmed a significant data breach. The incident, which came to light on Friday, July 25, 2025, has resulted in the alleged leak of tens of thousands of user selfies and government identification photos online, sparking widespread privacy concerns.
The app, which recently soared to become the top free application in the Apple App Store, gained immense popularity for its unique premise. It allows women to upload photos of men and search for them by name, leaving comments to describe them as ‘red flags’ or ‘green flags’ based on their experiences. Tea’s creator, Sean Cook, stated he was inspired to create the app after his mother’s “terrifying experience with online dating,” which included being catfished and unknowingly dating men with criminal records. The app also claims to offer features like background checks, criminal history searches, and reverse photo searches, and notably donates 10% of its profits to the National Domestic Violence Hotline, a fact confirmed by the hotline itself (NBC News).
To ensure its user base consists solely of women, Tea requires new users to submit selfies for verification. The app states these selfies are deleted after review, and promises anonymity beyond chosen usernames, even blocking screenshots within the platform. Despite these assurances, the company confirmed that hackers gained “unauthorized access to one of our systems,” leading to the exposure of approximately 72,000 images. This figure includes a critical 13,000 verification photos, many of which contained sensitive government IDs like driver’s licenses, alongside 59,000 images that were publicly viewable within the app from posts, comments, and direct messages (NBC News, CNET).
The compromised data reportedly originated from a “legacy data system” that stored information from over two years ago. The breach was first reported on platforms like Reddit and 404 Media, with alleged victims’ identification photos and other images subsequently appearing on the anonymous message board 4chan and X (formerly Twitter). The incident followed a Thursday evening thread on 4chan where users reportedly called for a “hack and leak” campaign against the app, fueled by anger over its premise (NBC News, 404 Media).
In response to the breach, a Tea spokesperson stated that the company became aware of the incident early Friday and has since hired third-party cybersecurity experts. They affirmed that Tea is “working around the clock to secure our systems” and that “Protecting our users’ privacy and data is our highest priority.” The company also stated that, at this time, there is “no evidence to suggest that current or additional user data was affected.” However, some users have reported ‘screen loading’ issues on the app following the news (Hindustan Times).
The Tea app’s rapid rise has not been without controversy. While many women lauded it as a crucial safety tool, some men online expressed fears of being misrepresented or doxxed. Concerns have also been raised by some users, and others, that the app could facilitate cyberbullying unrelated to genuine safety issues. In a retaliatory move, a men-only version of the app, ‘Teaborn,’ briefly emerged but was quickly removed from the App Store after its creator reportedly called out users for posting revenge porn. Furthermore, social media reports indicate that some individuals are allegedly creating maps to track women who used the Tea app, framing it as retaliation for perceived doxxing of men (Times Now News).
This incident underscores the inherent risks associated with online identity verification and the challenges of maintaining privacy in digital spaces. As Tea continues its investigation, the breach serves as a stark reminder that even platforms designed for safety can become targets, highlighting the critical need for robust cybersecurity measures and user vigilance.
