Tea Dating Advice, a US-based women-only dating safety app with over 6 million users, suffered a data breach on **July 25, 2025**, when an unauthorized entity accessed its **legacy cloud storage system**. The incident exposed **72,000 private images**, including selfies, photo IDs, and user-posted content. The breach occurred due to an **exposed dataset**, highlighting a preventable misconfiguration in Tea’s cloud infrastructure. The compromised data—intended to verify user identities and screen for criminal histories, sex offenders, or catfishers—undermined the app’s core promise of trust and security. Shortly after, Tea’s male counterpart, *Tea on Her*, also experienced a breach. The incident exacerbated public distrust in dating platforms, already facing a **49% perception of being unsafe**, and raised concerns about the ethical use of facial recognition and the app’s potential to fuel gender-based disputes. Despite the breach, Tea retained its second-place ranking in Apple’s App Store, reflecting persistent demand for privacy-focused tools amid rising cyber threats.
Source: https://techpolicy.press/the-tea-dating-app-breach-and-the-quest-for-safer-online-platforms
TPRM report: https://www.rankiteo.com/company/tea-dating-safety-for-women
"id": "tea5592855092925",
"linkid": "tea-dating-safety-for-women",
"type": "Breach",
"date": "7/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': '72,000 (users whose images were '
'exposed)',
'industry': 'Technology / Online Dating',
'location': 'United States',
'name': 'Tea Dating Advice',
'size': '6 million users',
'type': 'Dating Safety App (Women-Only)'},
{'industry': 'Technology / Online Dating',
'location': 'United States',
'name': 'Tea on Her',
'type': 'Dating Safety App (Male Counterpart)'}],
'attack_vector': ['Exposed Dataset', 'Improper Cloud Storage Configuration'],
'data_breach': {'data_encryption': 'No (data was exposed due to '
'misconfiguration)',
'data_exfiltration': 'Yes (images accessed by unauthorized '
'entity)',
'file_types_exposed': ['JPEG/PNG (likely)', 'Photo IDs'],
'number_of_records_exposed': '72,000',
'personally_identifiable_information': ['Visual PII (photos, '
'IDs)'],
'sensitivity_of_data': 'High (includes personally '
'identifiable visual data)',
'type_of_data_compromised': ['Images (selfies, photo IDs, '
'user-posted content)']},
'date_detected': '2025-07-25',
'description': 'The Tea Dating Advice app, a women-only dating safety '
'platform with over 6 million users, experienced a data breach '
'on July 25, 2025. An unauthorized entity accessed 72,000 '
'private images, including selfies, photo IDs, and user-posted '
'images. The breach occurred due to an exposed dataset in '
'Tea’s legacy cloud storage system, which was improperly '
'configured. The incident raised concerns about online safety, '
'especially in dating apps, and highlighted vulnerabilities in '
'legacy systems. Tea’s male counterpart, Tea on Her, also '
'experienced a subsequent breach. The breach occurred amid '
'broader concerns about declining trust in dating apps, with '
"49% of Americans viewing them as 'not too safe.'",
'impact': {'brand_reputation_impact': ['Negative media coverage',
"Erosion of trust in 'safe dating' "
'brand',
'Associations with broader decline in '
'dating app safety perceptions'],
'customer_complaints': ['Concerns about privacy and safety',
'Criticism of facial recognition accuracy',
'Accusations of fueling gender bias'],
'data_compromised': ['72,000 private images (selfies, photo IDs, '
'user-posted images)'],
'identity_theft_risk': ['High (due to exposure of photo IDs and '
'personal images)'],
'legal_liabilities': ['Potential lawsuits',
'Regulatory scrutiny over data protection '
'failures'],
'operational_impact': ['Loss of user trust',
'Potential decline in user base',
'Legal troubles'],
'systems_affected': ['Legacy Cloud Storage System']},
'initial_access_broker': {'entry_point': 'Exposed cloud storage dataset',
'high_value_targets': ['User-uploaded images '
'(selfies, IDs)']},
'investigation_status': 'Ongoing (as of September 2025)',
'lessons_learned': ['Legacy cloud storage systems require rigorous access '
'controls and configuration reviews.',
"Dating safety apps must prioritize 'secure-by-design' "
'principles to maintain user trust.',
'Exposed datasets in cloud environments are a critical '
'attack vector for unauthorized access.',
'Public backlash can amplify reputational damage, '
"especially for platforms positioned as 'safe spaces.'",
'Privacy-preserving technologies (PETs) must be '
'implemented carefully to avoid introducing new '
'vulnerabilities.'],
'post_incident_analysis': {'root_causes': ['Misconfigured legacy cloud '
'storage system lacking proper '
'access controls.',
'Failure to implement '
'secure-by-default configurations '
'for sensitive data.',
'Over-reliance on legacy '
'infrastructure without regular '
'security reviews.']},
'recommendations': ['Conduct a full audit of cloud storage configurations and '
'access controls.',
'Implement multi-factor authentication (MFA) and '
'encryption for stored data.',
"Adopt a 'privacy-by-design' framework for platform "
'development.',
'Enhance transparency in incident communication to '
'rebuild user trust.',
'Invest in modernizing legacy systems to reduce exposure '
'to misconfiguration risks.',
'Provide users with clear guidance on protecting their '
'data post-breach (e.g., monitoring for identity theft).',
'Collaborate with cybersecurity firms for third-party '
'penetration testing.'],
'references': [{'date_accessed': '2025-09-29',
'source': 'Laura Scherling (Perspective Article)'},
{'source': 'The New York Times (Salt Typhoon Hack Coverage)'},
{'source': 'Glamour Magazine (Tea App Feature)'},
{'source': 'ABC News (Criticism of Tea’s Facial Recognition)'},
{'date_accessed': '2025-05',
'source': 'Interview with Sean Cook (Tea Founder)'}],
'regulatory_compliance': {'legal_actions': ['Potential lawsuits (pending)']},
'threat_actor': 'Unknown (Unauthorized Entity)',
'title': 'Tea Dating Advice Data Breach',
'type': ['Data Breach', 'Unauthorized Access', 'Cloud Misconfiguration'],
'vulnerability_exploited': ['Legacy Cloud Storage Misconfiguration',
'Lack of Access Controls']}