Tea dating app hack leaks 72,000 images amid privacy backlash

July 27, 2025 – 11:42 AM

A dating app designed to help women safely vet men online has become the subject of public scrutiny after a major data breach exposed tens of thousands of user images. The Tea app, which markets itself as a platform for anonymous reviews of men, confirmed the cybersecurity incident just as it reached the top spot on the U.S. Apple App Store.

The hack raises urgent questions about privacy, online accountability, and the risks of anonymous platforms in modern dating.

Tea app designed to protect women’s safety

Tea was launched in 2022 by software engineer Sean Cook, who previously worked at Salesforce and Shutterfly. Inspired by his mother’s troubling dating experiences — including being deceived by men with hidden criminal records or fake identities — Cook envisioned Tea as a tool for transparency in the online dating world.

The app allows women to search for and anonymously leave reviews about men they’ve encountered on other dating platforms like Tinder and Bumble. Tea users can flag red flags such as dishonesty, abusive behavior, or criminal allegations — information that could potentially help others avoid dangerous situations.

“It’s like people have their own little Yelp pages,” said Aaron Minc, an attorney at Minc Law in Cleveland who specializes in internet defamation and harassment cases.

In one public App Store review, a user described how the app helped her uncover more than 20 red flags about someone she was speaking to online — including allegations of assault and secretly recording women. “I can’t imagine how things could’ve gone had I not known,” she wrote.

App soars in popularity — then suffers a breach

Interest in the app surged over the past week. According to analytics firm Sensor Tower, Tea downloads increased by more than 500% from July 17 to July 23, pushing the app to No. 1 in the U.S. Apple App Store as of July 24. The company reported via Instagram that it had surpassed 4 million users.

However, just days later, the platform confirmed that it had been hacked. According to an initial report from tech site 404 Media, users of the message board 4Chan discovered an exposed database that allowed public access to sensitive user data.

Tea’s parent company, San Francisco–based Tea Dating Advice Inc., acknowledged the breach in a public statement, noting that about 72,000 images were compromised. Of these, 13,000 were private images — selfies and photo IDs submitted for account verification — while the remaining 59,000 came from user-generated content like public posts, comments, and direct messages.

“We have engaged third-party cybersecurity experts and are working around the clock to secure our systems,” the company stated. Tea emphasized that no phone numbers or email addresses were leaked and that the breach only affected users who signed up prior to February 2024.

Users urged not to panic as app responds

Despite the scale of the leak, Tea assured users that “all data has been secured,” and there is currently no need to reset passwords or delete accounts. The company added that protecting user data remains its “highest priority.”

Legal experts weighed in on the implications of the incident. “These sites get attacked,” said Minc. “They create enemies. They put targets on themselves where people want to go after them.”

While Tea’s creators aimed to provide a tool for transparency and safety, its model has sparked fierce debate — especially after the breach exposed content that some view as defamatory or unjust.

Critics raise concerns about privacy and defamation

Tea’s approach has attracted both praise and criticism. Supporters argue that it gives women a much-needed way to vet potential partners, while critics say it opens the door to anonymous defamation and unfair public shaming.

In The Times of London, a female columnist labeled Tea “a man-shaming site,” writing: “This is simply vigilante justice, entirely reliant on the scruples of anonymous women. With Tea on the scene, what man would ever dare date a woman again?”

Minc confirmed that his law firm has been receiving a spike in inquiries related to the app. “Over the last couple of weeks, we’ve gotten hundreds of calls on it. It’s blown up,” he said. “People are upset. They’re getting named. They’re getting shamed.”

While platforms like Tea are protected under Section 230 of the U.S. Communications Decency Act — which shields websites from liability for user-generated content — individuals who post defamatory information can still face legal action.

In one notable case, a federal judge in Illinois dismissed an invasion-of-privacy lawsuit by a man who had been discussed in a Facebook group titled Are We Dating the Same Guy?, according to Bloomberg Law. However, state-level privacy laws may still apply if content involves personal photos or private information posted with harmful intent.

What’s next for Tea and similar platforms?

Tea’s rise and rapid breach highlight the growing tension between privacy, safety, and free expression in online dating. While the app serves a clear user demand for accountability, it also reveals the legal and ethical complexities of crowdsourced personal information.

As of now, Tea has not disclosed whether law enforcement is involved in the investigation or whether it plans to offer support to affected users. The company has promised transparency in future updates.

The incident serves as a cautionary tale for both developers and users of apps that traffic in sensitive or reputation-based information. With rising concerns about digital safety, experts stress the need for stronger data protections — and more thoughtful design when it comes to balancing public interest with personal privacy.