Tea Dating App Discloses Breach Exposing 72,000 Images

San Francisco–based Tea Dating Advice Inc. confirmed that hackers accessed about 72,000 user images, including 13,000 selfies and photo IDs submitted for verification, in a breach disclosed on July 26 [reuters.com#1][fortune.com#1][chicagotribune.com#1]. The fast-growing app, which had just climbed to No. 1 on the U.S. Apple App Store, said it has “engaged third-party cybersecurity experts and [is] working around the clock to secure our systems” [reuters.com#1]. Tea added that no e-mail addresses or phone numbers were exposed and that only accounts created before February 2024 were affected [reuters.com#1][fortune.com#1].

Highlights:

• No contact information: The company says e-mail addresses and phone numbers were not leaked [reuters.com#1][fortune.com#1]
• Verification selfies: Tea requires users to upload selfies for account approval; 13,000 such images—about 18% of the 72,000 files—were taken [reuters.com#1].
• Time window: Only users who joined before February 2024 were caught in the breach [reuters.com#1][fortune.com#1].
• Founder’s goal: Software engineer Sean Cook created Tea in 2022 after his mother’s negative dating experiences, aiming to let women “vet men” much like Yelp reviews restaurants [chicagotribune.com#1][fortune.com#1].
• Growth versus risk: Tea’s rapid rise to the App Store’s top spot highlights both demand for safer dating tools and the high stakes of protecting sensitive user data [reuters.com#1][chicagotribune.com#1].

“We have engaged third-party cybersecurity experts and are working around the clock to secure our systems.” - Tea Dating Advice Inc. (company statement)

Perspectives:

• Tea Dating Advice Inc.: The company says only images were exposed and that no e-mail addresses or phone numbers were affected [reuters.com#1]. (Reuters)
• 404 Media: According to 404 Media, an exposed database “allowed anyone to access the material,” indicating a likely configuration error [fortune.com#1]. (Fortune)
• Aaron Minc, defamation attorney: Minc compares Tea profiles to “people have their own little Yelp pages,” warning of potential defamation disputes [fortune.com#1]. (Fortune)

Sources:

• SF company's app goes viral, is immediately hacked - sfgate.com
• The Tea app was intended to help women date safely. Then it got hacked. - chicagotribune.com
• Women's dating app Tea reports 72,000 images stolen in security breach - reuters.com
• The Tea app was intended to help women date safely. Then hackers leaked 72,000 images online, including users’ selfies - fortune.com
• Tea app hacked: Images stolen from women's dating safety app that vets men - BBC - google.com
• The Tea app was intended to help women date safely. Then it got hacked - seattletimes.com
• What to Know About the Hack at Tea, an App Where Women Share Red Flags About Men - nytimes.com