What just happened? Tea, officially known as "Tea Dating Advice," is a dating safety app that allows women to anonymously share information about men and potential red flag behavior. Now the top free app in the App Store, Tea has been hacked. 4Chan users linked to a public storage bucket containing about 72,000 images, including 13,000 selfies and government-issued IDs used for gender verification.
The Tea app has seen a surge in popularity recently. Founded in 2023, it allows women to exchange details about local men in the area. This can be anything from behavior that could be perceived as warning signs, whether they are married, are registered sex offenders, have criminal records, or if they use fake images for catfishing.
Women can also share "green flag" qualities found in men.
Tea recently said that it has over 4 million members globally and became the top free app in Apple's App Store last week. But while it is advertised as being a safety app, it has received plenty of criticism. Some men claim to have been doxxed or misrepresented by women with a grudge. Others say it is "anti-male."
The app requires users to take selfies to prove they are female. Tea's privacy policy states that these photos are "deleted immediately" after authentication.
404 Media reports that 4Chan users posted links to an exposed cloud database hosted on Google's mobile app development platform, Firebase. This followed calls on the site for a "hack and leak" campaign against the app.
Members of the imageboard reportedly searched through the data, posting selfies and identities that had been uploaded to Tea. One person said they downloaded 3,000 images.
Although screenshots from the app are blocked by its security features, Tea admitted that 59,000 images showing posts, comments, and direct messages from over two years ago were also accessed.
404 Media reports that the public bucket linked by 4Chan users was the same one the publication discovered in the app's source code.
Tea says that the database was from two years ago, and that the data was originally stored in compliance with law enforcement requirements related to cyberbullying prevention.
The company added that the breach affected members who signed up before February 2024. It has hired third-party cybersecurity experts and is "working around the clock to secure our systems."
"Protecting our users' privacy and data is our highest priority. Tea is taking every necessary step to ensure the security of our platform and prevent further exposure," a spokesperson said.
This isn't the first time that 4Chan has been at the center of a leak. Images from the 2014 celebrity photo leak scandal known as "Celebgate" or "The Fappening" originated on the imageboard, though in that instance they were obtained primarily through targeted phishing attacks on Apple iCloud accounts.
Tea app confirms data leak after 4Chan users discover unsecured cloud storage
