An application designed to let women conduct background checks on men they encounter online has experienced a data breach.
On Friday, July 25, it was confirmed that the security breach exposed thousands of user-uploaded images on the Tea app. This incident raises significant concerns regarding user privacy and security, as some posts within the app might also have been compromised.
The app, which has been used by millions of women across the United States, reached the top spot on Apple’s app store for free apps this week.
The initial indications of this security breach appeared earlier in the week on 4Chan.
The app was launched in 2023 by Sean Cook, motivated by his mother’s “terrifying” experiences in online dating, which included unknowingly dating individuals with criminal backgrounds. His aim was to foster a safer online dating environment for women.
The app allows users to perform background checks and search for criminal records of individuals they meet online. It also offers a reverse image search to verify if someone is using misleading photos, commonly known as catfishing.
Users of Tea are required to take a selfie to confirm their identity as women, with these images reportedly being deleted from the system afterward.
The breach reportedly affected approximately 72,000 images, including 13,000 verification selfies and images of government identification, according to the company. Additionally, the Associated Press noted that another 59,000 images, visible within the app’s network through direct messages, posts, and comments, were accessed without permission.
It is believed that only users who registered on the platform before February 2024 were impacted by the breach.
“At this time, there is no evidence to suggest that additional user data was affected,” stated the company.
“Tea has engaged third-party cybersecurity experts and are working around the clock to secure its systems. Protecting our users’ privacy and data is our highest priority. Tea is taking every necessary step to ensure the security of our platform and prevent further exposure,” the spokesperson added.
The identity of those responsible for the breach remains unknown.
A thread on 4Chan appeared on Thursday evening, advocating for a “hack and leak” of the Tea app. The following morning, a social media user shared a link claiming to provide access to a database containing the stolen images.
According to NBC News, photos allegedly from app users have since been posted on 4Chan and X, formerly known as Twitter.