Data Breach Exposes Thousands of Users on Women's Dating App Tea

In a significant cybersecurity breach, Tea, a dating application aimed at enhancing women's safety in online dating, has confirmed that thousands of user images, including selfies, were leaked online. The San Francisco-based company, Tea Dating Advice Inc., reported that the incident occurred after 4Chan users discovered an exposed database that allowed unauthorized access to sensitive material associated with the app. The breach has brought to light critical discussions about privacy and safety in the evolving landscape of online dating, especially concerning women's experiences.

Founded in 2022 by Sean Cook, a software engineer with experience at Salesforce and Shutterfly, Tea was designed to empower women by enabling them to anonymously warn each other about potentially dangerous encounters with men they might meet through mainstream dating platforms like Tinder and Bumble. Cook's motivation stemmed from witnessing his mother's distressing experiences, including dating men with undisclosed criminal backgrounds and falling victim to catfishing.

The application's recent surge in popularity coincided with the breach, as it soared to the top of the U.S. Apple App Store after a staggering 525% increase in downloads between July 17 and July 23, 2025, according to Sensor Tower, a mobile app analytics firm. As of July 24, Tea reported reaching four million users, indicating a growing demand for platforms that prioritize women's safety.

Critics of the platform, however, have raised alarms about its potential for misuse. A female columnist for The Times of London referred to Tea as a “man-shaming site,” asserting that it operates on the principles of vigilante justice, contingent on the subjective judgment of anonymous users. This perspective was echoed by Aaron Minc, an attorney specializing in online defamation and harassment, who noted, “People are upset. They’re getting named. They’re getting shamed.”

From a legal standpoint, the implications of such a platform are complex. Under U.S. law, websites are generally protected from liability for user-generated content due to Section 230 of the Communications Decency Act. However, users can still face legal ramifications for defamation and privacy violations. Minc emphasized that sites like Tea may attract cyberattacks due to their controversial nature, stating that they “create enemies” and thus become targets.

In the aftermath of the breach, Tea has engaged cybersecurity experts to bolster its defenses and has assured users that their email addresses and phone numbers remain secure. The company reported that approximately 72,000 images were leaked, including 13,000 selfies submitted for account verification. Notably, the breach affects only users who registered before February 2024, and Tea has advised that there is no immediate need for users to change passwords or delete accounts. The company stated, “All data has been secured,” emphasizing its commitment to protecting user privacy.

As the online dating landscape continues to evolve, the incident raises important questions about user safety, privacy, and the ethical responsibilities of tech companies. Moving forward, experts suggest that dating applications must implement more robust security measures and transparent policies to protect their users, particularly in a climate where data breaches are becoming increasingly common. The incident not only highlights the necessity for secure digital environments but also underlines the broader societal implications of how women navigate dating in a digital age filled with both opportunity and risk.