Data Breaches
Tea App Data Breach: What Victims Should Know

Tea App Data Breach: What Victims Should Know

Kaelee Nelson, M.A. (Digital Humanities) | Data Analyst & Researcher
Kaelee Nelson, M.A. (Digital Humanities) | Data Analyst & Researcher Author
Updated on 10 min read

In July 2025, the Tea dating app—which has an active user base of more than 6,247,000 women1—became the target of a coordinated data leak. This wasn’t a typical “hack”, but rather a calculated act of doxxing that jeopardizes user safety.

Cybersecurity experts have pointed to this incident as a cautionary tale about the importance of proper security measures—especially for apps handling sensitive personal information. They're also weighing in on what victims of the Tea breach should do next if their personal data was compromised in the leak.

If you used the Tea dating app and worry about the impact this incident may have on your digital privacy, here's a play-by-play on how it happened, why you should care, and what steps to take to ensure you're protected moving forward.

TLDR: Key points to know

  • Tea—a popular dating app described as a “secure, anonymous platform” and the “safest place to spill tea,”1 suffered two major data breaches in July 2025.
  • The leak included user photos, government IDs, private messages, and approximate physical locations plotted on maps.
  • Users who signed up before February 2024 are most at risk.
  • Identity theft, privacy violations, and doxxing are real concerns for impacted users.
  • Those affected should take immediate action to secure their personal safety and online privacy.
If you’ve ever used the Tea app, don’t wait for a data breach notification—sign up for OmniWatch identity protection now to get notified of fraudulent activity.
Protect Your Personal Information Today

What happened in the Tea app data leak?

The Tea data breach happened when unauthorized users accessed the app's exposed data storage system, allowing bad actors to get their hands on sensitive user data, including selfies and government-issued IDs submitted for account verification purposes.

The stolen data was then shared publicly on forums like 4chan, leading to widespread doxxing, harassment, and privacy violations for thousands of women who used the app for dating safety and support.

Reports indicate that the hackers exploited basic security flaws—including the lack of data encryption and access controls. Essentially, the app’s cloud storage wasn’t protected behind strong enough authentication, making it possible for attackers to find and download entire databases with little-to-no resistance.

What’s made the breach even more notorious is that some of the app’s code and infrastructure apparently reused insecure patterns, making it easier for hackers to find and exploit these weaknesses. Instead, the exposed storage left the data essentially public to anyone who knew where to look, which is exactly what hackers did.

This was a direct violation of their own privacy promises and terms of service, which specified that ID verification data would be kept confidential and protected by industry-standard security protocols.

Latest updates on the Tea app

  • 7/8/25 - Yahoo! News reports controversy in public sentiment, with many men expressing anger as the Tea app gains popularity among female Gen Z users. Attorney William Barnwall urges ladies to proceed with caution and warns, "I could see some areas where this could cause people some big problems."
  • 7/24/25 - Tea reports a “massive surge in growth” on Instagram with more than two million user requests to join over the previous few days. The app ranked highly in the Google Play Store for Android users and topped the download charts for free iPhone apps in Apple’s App Store.
  • 7/24/25 - On Thursday evening, Men cry afoul and share stories of false information being spread on Tea. Others reference a “mass attack by feminism” and an alleged lack of accountability for women.
  • 7/25/25 - Tea identifies a cybersecurity incident at 6:44 AM PST and issues a public statement.4 They explain that their legacy data storage system had been compromised, leading to unauthorized access to internal data from prior to February 2024.5
  • 7/28/25 - NBC News reports, “On Google Maps, a user has created a map that purports to show the locations of Tea users that were affected by the hack.”6
  • 7/30/25 - Tea updates its official statement and expands the scope of the initial incident to include unauthorized access to direct messages (DMs) sent privately between users. As a precautionary measure, they took the affected system offline and disabled DM functionality altogether.7

We will continue updating this page as more verified information becomes available.

What data was leaked in the Tea app hack?

The breach exposed not just pictures but also private messages and even some government-issued identification, which made the fallout especially severe for users who expected the app to be a safe space.

  • 72,000 images (government IDs and selfies that were used for account verification purposes)
  • First names/usernames
  • Bio text
  • Approximate geolocation of app activity (radius-based proximity matches)
  • Potential EXIF metadata from uploaded photos that could lead to real-world identification
  • Over 1 million direct messages between Tea users discussing sensitive topics

The leaked Tea data has already been used in nefarious ways. For example, one 4chan user plotted women's geolocation on Google Maps, while another created a website to rate the attractiveness of women based on their identification photos. Both posts have been removed at the time of this writing.

💡
Did you know...?
Most smartphone photos contain GPS, device, and time metadata unless stripped before upload.

Real risks for Tea app users

The Tea leak doesn’t just threaten users' digital identity—it puts their physical safety at risk.

Threats include:

  • Public shaming/doxxing on Reddit, X,  Discord, or other social media
  • Stalking and in-person harassment
  • Impersonation on other platforms
  • Blackmail using private images or message content
  • Deepfake exploitation using leaked images

Tea app Reddit conversations

The breach was first discovered via threads on r/DataLeaks and r/4chanWatch. Key reactions included:

  • Women confirming their photos were leaked despite having deleted the app months ago
  • Security experts noting the lack of HTTPS security protocols on certain Tea endpoints
  • Calls for a class action lawsuit against the Tea app

Reddit is also being used to identify the leak’s origin and share resources for affected users.

What Cyber Security Professionals are Saying

Several cybersecurity professionals and digital rights activists have condemned the Tea data breach.

Ted Miracco

CEO at mobile security maker Approov

"A lot of people presume that if an app is available through Apple or Google, that it's safe. That's the first mistake consumers make."

Rachel Tobac

CEO and co-founder of SocialProof Security

"... anyone whose images were accessed should be more diligent with their credit reports because biometric data 'isn’t going to expire'.”

Richard Blech

CEO and co-founder of AI security firm XSOC Corp

"There’s going to be action on that stolen information. There’s no question about it."

What Tea app users should do now

Even if you no longer use the Tea app, take these immediate steps:

  1. Run a data exposure scan to see if your name, photo, or bio appears on breach forums or 4chan archives.
  2. Lock down your linked accounts (Instagram, TikTok, Snapchat) and remove reused images or usernames.
  3. Enable Google Alerts for your name, photo captions, or aliases.
  4. Use reverse image search tools like PimEyes or Yandex to track photo misuse.
  5. Contact law enforcement if you feel your safety is at risk.
  6. Reach out to women’s legal or privacy organizations (see FAQ).

How OmniWatch can protect you

OmniWatch offers proactive identity protection built for modern digital life—especially for those targeted in breaches like this.

Dark web and identity monitoring for leaked data, including images and user IDs

Scam texts and email detection built with powerful AI algorithms

Credit lock guidance if your PII was exposed

Real-time alerts when your data is posted or reused

Human support — not bots — to walk you through recovery

FAQs: All about the Tea dating app for women

When was the Tea App created?

The Tea App launched in early 2023 with the goal of creating a safer, more inclusive dating space for Gen Z women and LGBTQ+ users.

Who invented the Tea App?

The founders have remained largely anonymous, though LinkedIn data connects the app to a small dev team based in the U.S.

When did the Tea App start taking off?

Tea gained viral traction in late 2024 through TikTok trends and community shoutouts, particularly among college-age women.

How did the Tea App data breach happen?

Though not officially confirmed, security analysts believe the breach involved either admin tool abuse or unauthorized access via API vulnerabilities or internal permissions.

Who was impacted by the Tea App breach?

Hundreds — possibly thousands — of active Tea users, primarily women, were affected. Many profiles were tied to approximate map locations.

What should I do if I find my data leaked?

Take screenshots, report the posts to relevant platforms, document everything, and seek legal counsel or use services like OmniWatch to monitor further exposure.

Will my data be removed from the internet?

Once leaked, data is difficult to fully erase — but platforms and tools like Google Removals or Revenge Porn Helpline can help suppress visibility.

  • Cyber Civil Rights Initiative
  • Legal Aid Societies in your state
  • EFF (for digital rights and advice)
  • Women’s Media Center (offers media + legal guidance)

Is the Tea App safe?

At this time, use of Tea is not recommended until an official response and security overhaul is released.

Is it safe to use dating apps?

Yes — but only if you:

  • Use apps with proven safety track records
  • Avoid uploading real-time location info or identifying metadata
  • Regularly audit permissions and shared data
  • Use tools like OmniWatch to get notified of any suspicious activity

Bottom Line

The Tea App breach is a chilling reminder that dating apps carry real-world risk — especially for women and marginalized users. This isn’t about deleting every app; it’s about equipping yourself with the knowledge and tools to stay safer online.

OmniWatch is here to help — no fear tactics, just facts, tools, and human support when you need it.

Enter your email address and get results in seconds

Hackers and thieves don’t wait and neither should you! See if your passwords have been exposed in a data breach.

References:

  1. https://www.teaforwomen.com/
  2. https://www.yahoo.com/news/dating-safety-app-tea-spills-032844035.html
  3. https://www.washingtonpost.com/technology/2025/07/24/tea-dating-app-women-review-men/ 
  4. https://www.teaforwomen.com/cyberincident?fbclid=PAZXh0bgNhZW0CMTEAAacvSS9fDr3j_V6qsgtWC-I67xkR2r1hfuIpN7g6IPgk3xvW9E7F-ejwsh4P3w_aem_iovnAL9qmrUcfMQlXw6B0w 
  5. https://www.usnews.com/news/business/articles/2025-07-25/tea-an-app-for-women-to-safely-talk-about-men-they-date-has-been-breached-user-ids-exposed 
  6. https://www.nbcnews.com/tech/social-media/tea-app-hacked-13000-photos-leaked-4chan-call-action-rcna221139