The Tea app, a women-only dating safety platform, went viral in July 2025, hitting #1 on the Apple App Store. However, on July 25, 2025, a major data breach exposed approximately 72,000 user images including around 13,000 selfies and government-issued IDs prompting widespread outrage and serious concerns over user privacy. This article dives into what happened, who’s affected, and what’s next for the Tea app’s ~4 million users.

What Is the Tea App Data Breach?

• What: A data breach on July 25, 2025, exposed ~72,000 images from the Tea app, including 13,000 verification selfies and IDs (e.g., driver’s licenses) and 59,000 images from posts, comments, and direct messages (DMs). The breach involved ~59.3GB of data, some shared via torrents on 4chan and X.
• Why: An unsecured Firebase database (Google’s app development platform) lacked passwords, encryption, or authentication, leaving data publicly accessible.Tea’s dependence on AI-generated code commonly referred to as “vibe coding” without conducting proper security reviews significantly contributed to the severity of the vulnerability.
• How:
  • 4chan users discovered the exposed database, posting links to download the data before Tea locked it down, returning a “Permission denied” error.
  • Automated scripts mass-downloaded images, including recent 2024–2025 DMs, contradicting Tea’s claim of only “legacy data” from pre-February 2024.
  • At 6:44 a.m. PST, Tea confirmed the breach and initiated an investigation in partnership with external cybersecurity specialists.
• History: Tea, founded by Sean Cook in 2023, surged to ~4 million users in July 2025, with ~2 million new signups. It verifies users as women via selfies and IDs to maintain a safe “whisper network” for dating advice.
• Impact:
  • Users face risks of identity theft, harassment, or doxxing, with GPS coordinates and profile data allegedly leaked.
  • Trust in Tea’s safety promise is eroded, with backlash over its privacy policy falsely claiming selfies are “deleted after verification.”
  • Some users reported “screen loading” issues post-breach, unaddressed by Tea.
• Related Concepts:
  • Purpose: To create a female-only space for sharing dating insights and vetting men via background checks and reverse image searches.
  • Process: Users upload selfies/IDs; the app uses AI to verify gender and enable anonymous posts labeling men as “red flags” or “green flags.”
  • People: ~4 million women users, mostly aged 18–34, and founder Sean Cook, inspired by his mother’s online dating struggles.
  • Problem: Undermines user safety with exposed sensitive data.
  • Performance: 48% of Tea’s AI-generated code had security flaws, per critics.
  • Possibilities: Could lead to stricter online ID verification laws or app store bans for non-compliance.
  • Practical Use: Users should enroll in credit monitoring, check dark web leaks, and consider deleting Tea accounts.

Conclusion: Is the Tea App Good or Not?

The Tea app is not good in its current state. Marketed as a safe haven for ~4 million women to share dating advice, its data breach on July 25, 2025, exposed 72,000 images, including 13,000 sensitive selfies and IDs, due to an unsecured Firebase database and flawed AI-generated code. This failure contradicts Tea’s promise of anonymity and safety, risking identity theft and harassment for users who joined before February 2024. Despite Tea’s quick response hiring cybersecurity experts and locking down the database the breach reveals systemic security lapses, amplified by its privacy policy’s false claim that verification photos are deleted. Ongoing “screen loading” issues and no clear mitigation timeline further erode trust. While its mission to protect women is noble, Tea’s execution is dangerously flawed. Users should delete the app, monitor for leaked data, and avoid similar platforms until stricter security standards are enforced.