Major Data Breach Exposes 72K Images on Tea Dating App
Tea, a women's safety-focused dating app, admitted last week that attackers accessed a legacy data system and exposed roughly 72,000 images. The leaked assets included 13,000 selfies and ID photos used for verification, plus 59,000 public images and direct messages. Tea is investigating the breach and has taken systems offline to secure user data.
Breaking Down the Tea App Breach
Tea, a dating app designed to help women share safety tips and verify male users, confirmed last week that unauthorized actors accessed one of its legacy data systems. Initial findings show the breach exposed roughly 72,000 images, spanning verification IDs, selfies, public posts, comments and private direct messages.
Scope of the Exposure
Tea's preliminary audit revealed:
- 13,000 selfies and photo IDs submitted for identity verification
- 59,000 images from public posts, comments and direct messages
All files resided in a legacy archive holding over two years of data. Tea says there’s no sign current user records were affected, and the exposed system has been taken offline pending a full investigation.
Implications for User Privacy
The leak reignites debates around identity verification and data retention. While Tea’s approach of requiring government IDs and selfies aims to ensure safety, it also concentrates sensitive personal data in a single store. Once breached, photos of faces and IDs fuel risks of impersonation, doxxing and harassment.
Securing Dating Apps: Lessons Learned
Developers and product teams can embrace these best practices to protect users:
- Regularly audit and retire legacy systems that store sensitive data
- Encrypt images and messages at rest with modern ciphers
- Implement least-privilege access controls and continuous monitoring
- Maintain an incident response plan with playbooks for data leaks
How QuarkyByte Can Help
At QuarkyByte, we blend deep forensic analysis with strategic remediation to uncover hidden vulnerabilities in data archives of all sizes. Whether you're a dating platform, fintech or government portal, our tailored breach response and system hardening frameworks ensure user data stays secure and trust remains intact.
Keep Reading
View AllDevice Bound Session Credentials Secure Google Workspace Accounts
Google Workspace beta introduces device-bound session credentials on Chrome for Windows to block session cookie theft and strengthen account security against token-based attacks.
UK Abandons Secret Backdoor Demand for Apple Encryption
After U.S. pushback, the U.K. backs down from secret order forcing Apple to build a global backdoor. Senator Wyden probes Google’s response.
Tea App Second Breach Exposed Over Million Private Messages
A second breach at Tea exposed 72K ID images and over 1M private messages, revealing phone numbers and personal discussions. Discover the risks and fix gaps.
AI Tools Built for Agencies That Move Fast.
QuarkyByte’s security experts quickly identify hidden risks in legacy data stores like Tea’s. We deploy tailored breach response plans that protect user identities and strengthen trust. Explore how our forensic analysis and strategic remediation can shield your app’s sensitive content.