The popular women’s dating application, Tea, has confirmed a significant data breach that has affected users who joined before February 2024. The disclosure was made on July 25, 2025, through the app’s official communication channel, raising alarms about user privacy on social media platforms.
The breach, which occurred around 6:45 a.m. PT, primarily impacted an archived system rather than current user data, exposing approximately 72,000 user-submitted images. This staggering number includes around 13,000 selfies from user verifications and about 59,000 images publicly available through posts and comments, some dating back over two years. The company indicated that these images were collected to comply with law enforcement requirements for cyberbullying prevention.
According to 404 Media, which first reported the incident, the breach was allegedly orchestrated by anonymous right-wing users on 4chan. The hackers claimed responsibility for discovering an exposed database associated with the Tea app on Firebase, subsequently leaking user data and images online.
The discovered vulnerability stemmed from the app’s Firebase storage bucket being publicly accessible, showcasing a trend in vibe coding. This method raised critical security questions, particularly given that the original posts revealing the breach were quickly removed, but the compromised data had already circulated across various platforms, some of which include social media and decentralized networks.
In their response, the Tea app team stated they were collaborating with internal security teams and external experts to remediate the issue swiftly. However, skepticism about their effectiveness arose when VX-Underground reported that the Firebase instance remained vulnerable for over 12 hours after the breach, including the ability for users to continue uploading data.
The Tea app, founded in 2023 by Sean Cook, serves as a platform for women to share experiences and information about men, including the ability to rate them as “red flags” or “green flags.” Although intended as a safety feature, the app has been met with criticism and legal scrutiny surrounding potential privacy violations and defamations from male users. This breach occurs during a surge in the app’s popularity, reaching the top of Apple’s App Store charts this week.