Tea Dating Advice, Inc. (“Tea”), a “dating safety” app that has recently gone viral and hit No. 1 on the US Apple App Store, is the latest target of a massive security breach.  

Tea has confirmed that 72,000 images from “legacy data storage system” have been leaked online, including 13,000 selfies and photo identification that users submitted during account verification and 59,000 images that were publicly viewable in the app from posts, comments and direct messages.

For those unfamiliar, the Tea app serves a unique purpose: it allows women to anonymously research men they’re dating. According to Tea’s website, “With features like Reverse Image Search to catch catfish, Phone Number Lookup to check for hidden marriages, and Background Checks to uncover criminal records, Tea ensures that women have the information they need before meeting someone new.” Users can search for men using their locations and names, or upload a picture of them to the app. Other app users can “red flag” or “green flag” the men and post comments or send private messages about their interactions with them.

To sign up for this app, users were required to take an unfiltered selfie directly through the app’s camera and also upload a photo of their driver’s license or other ID. These steps were intended to verify the identity of new users and confirm that they are women. According to Tea’s official statement, they removed the ID requirement in 2023. Tea’s privacy policy, which was last updated in 2022, explicitly states that these photos are “securely processed and stored only temporarily and will be deleted immediately following the completion of the verification process.” This claim seems to be directly contradicted by the leaked dataset, which reportedly contains information from “prior to February 2024.” One app user commented on Tea’s statement regarding the data breach: “Why are yall archiving anything if yall clearly stated yall delete selfies submitted for verification after review… yall need to change that since it’s not true.”

The app’s privacy policy also states that “Tea Dating Advice takes reasonable security measures to protect your Personal Information to prevent loss, misuse, unauthorized access, disclosure, alteration, and destruction.” According to Tea, it is “working around the clock with internal security teams and third-party experts to secure [its] systems.”

It’s worth noting that the Tea app has been a source of contention for some men, who claim it can be a source of misinformation and lead to violations of their privacy. On online communities like Reddit and 4chan, there have been calls for a hack and leak of women’s data from the app. Adding to the concern, rumors and pictures are currently circulating among X app users, suggesting that an interactive map with the leaked locations of women from the security breach exists. However, according to Tea’s statement, no email addresses or phone numbers were accessed. 

We will continue to monitor this story as it develops.

Co-authored by Katelyn Guidry, Summer Law Clerk at Troutman Amin, LLP.