Skip to main content

Secrets spilt: the Tea app leaks

15th August 2025

An app designed to make dating safer for women may have just put them at risk: how did the breach happen?

The Tea app, based in the US, was created in 2023 with the goal of reducing the risks of online dating for women. With other women posting reviews of men they had dated, access to background checks and reverse image searches and tools used to detect fake profiles, Tea was used by many to make dating safer.

Though there is a wider discussion to be had around the ethics of such an app, we are interested instead in the massive data leak that occurred recently. According to various publications,* 72,000 user images were exposed, including 13,000 ID verification photos (so selfies, driver’s licenses, passports and 59,000 public and private images from posts and messages).

Due to a misconfigured database – a very common issue with cloud services – this information was breached and shared online. The data came from an archived version of the app, meaning only those who joined before February 2024 were impacted, but that still resulted in a lot of identities and information being leaked.

Data was poorly handled: it was kept alongside public content, and archived data wasn’t properly isolated or encrypted, making it easy to access. Users weren’t clearly informed about the risks of having data archived on the site, highlighting the need for transparent data retention policies.

Ultimately, Tea has broken trust with their users. The app promised a safe space to talk to others about potentially dangerous individuals, but now their details are publicly available, increasing the risk of doxxing, stalking or harassment.

So, what can we learn? Data minimisation and encryption should be the baseline for protecting online data, and cloud services need to be configured carefully and correctly. It is yet to be seen if Tea will recover from the bad press the hack has encouraged, but with the loss of user trust, it may never be seen as a safe environment again.

If you would like any tips on encryption, cloud security or anything else cyber security related, please contact Interfuture Security.

*https://www.techradar.com/computing/software/the-tea-app-hack-explained-how-a-data-breach-spilled-thousands-of-photos-from-the-top-free-us-app-and-what-to-do

YouTube: https://youtu.be/LsplNnFJ2M8

Back to top