Dating platforms that promote privacy and modesty often fall short on their promises. For example, Ashley Madison, a site tailored for those seeking extramarital affairs, suffered a significant data breach in 2015. Hackers disclosed personal information of 32 million users, including emails and financial details, causing public outrage and even leading to legal actions and reported suicides.
Currently, a dating safety application, TEA, is dealing with its own set of security issues. This app, designed for women, has faced problems with compromised selfies and photo identification, as well as image breaches stemming from user posts and direct messages.
Insights on the TEA Data Breach
Launched in 2023, TEA aimed to be a “safety” app for women, initially requiring selfies and government-issued IDs for verification. However, those ID checks were dropped later that year. The app surged in popularity in July 2025, topping U.S. app store charts with millions of downloads.
On July 25, users on 4Chan found a publicly available Firebase storage bucket containing TEA user data (as reported by 404Media). One post exclaimed, “Photos of the driver’s license and face! Get **** here before they shut down!”
TEA confirmed that the breach involved unauthorized access to an old database with around 72,000 images, which included 13,000 selfies and ID photos along with 59,000 images from various user interactions. This data specifically pertained to users who registered before February 2024.
The company acknowledged that the violation stemmed from a legacy system that hadn’t transitioned to current security protocols. Fortunately, they stated that no email addresses or phone numbers were leaked and emphasized that only older users were affected.
However, independent researcher Kasra Rahjerdi, alongside insights from 404Media, revealed that the breach was broader, exposing around 1.1 million direct messages exchanged between early 2023 and July 2025. These communications included sensitive topics such as abortions and misconduct, not to mention personal details like phone numbers and meeting plans.
In response, TEA disabled its direct messaging function and relocated the affected messaging system offline. The company stated that they found no evidence suggesting any compromise of other aspects of their infrastructure.
Impact of TEA App Breaches on Users
This data breach is a nightmare for users and highlights how some companies neglect their commitment to user privacy. TEA had presented itself as a safe environment for women to share personal experiences, but this breach contradicted that expectation.
It wasn’t just a matter of usernames and emails; this included government IDs, selfies, and the private messages of 1.1 million users discussing intimate subjects. Such violations leave an indelible mark, and once shared, these images and conversations are virtually immortal.
TEA marketed itself as something entirely different, which meant users had reasonable grounds to expect stricter privacy safeguards. The leaks also intersected with malicious online communities, making victims susceptible to harassment and doxxing.
Steps to Protect Yourself from TEA Data Breaches
If you’ve used TEA or have registered, it’s crucial to take proactive steps to safeguard your privacy. Here are six measures you can take:
1) Enroll in Personal Information Theft Protection
If your ID was included in the leak, you may face risks related to impersonation. Identity theft protection services can alert you to suspicious activity and help mitigate potential damage.
2) Utilize a Personal Data Removal Service
Leaked selfies and names can appear on various search sites. Personal data deletion services can assist in removing personal information from the Internet, although none can guarantee total erasure.
3) Change Your Password and Enable Two-Factor Authentication (2FA)
Be aware that attackers often cross-reference usernames and reuse passwords. Update your passwords and enable 2FA for added security.
4) Stay Alert to Phishing Attempts and Use Robust Antivirus Software
After a significant data breach, it’s common for victims to receive malicious messages. It’s crucial not to engage with or click on suspicious links.
5) Monitor Where Your Images Are Shared
Utilize reverse image search tools to check if your photos are being circulated elsewhere. If you find unauthorized postings, document them and report them to the respective platforms.
6) File a Complaint with Regulatory Authorities
If you believe your data protections have been compromised, consider filing a complaint with the Federal Trade Commission (FTC) or your local data protection agency. This step may prompt action from the company involved.
Final Thoughts
It’s incredibly disappointing when platforms that claim to protect user privacy fail at such a fundamental level. The data shared by users in good faith may now expose them to serious risks. With the increasing amount of sensitive information shared online, shouldn’t there be stricter security measures in place? Feel free to share your thoughts on this subject.
