An app that claims to help women protect themselves against “red flag” behaviour when dating men has been hacked, with tens of thousands of images, including some containing personal information, reportedly posted online.
The images included photos of themselves that women are obliged to provide when signing up – which the app, Tea Dating Advice, says are deleted immediately after being verified.
The app said on Friday that hackers had breached a “legacy” data storage system and exposed about 72,000 images, including selfies and photo identification of users.
Personal data
The women-only site, launched in 2023, allows women to join an anonymous forum where they can seek feedback on men they are considering dating, or can report bad behaviour by men they have dated.
They can also run background checks on men, search for criminal records or conduct reverse-image searches to guard against “catfishing”, or the use of false online profiles utilising images taken from online sources.
According to the app’s website, founder Sean Cook launched it after witnessing his mother’s “terrifying” dating experiences.
Tea surged to popularity late last week after becoming the subject of heated debate on social media, with some claiming it promoted invasion of privacy and calling for it to be hacked.
On Thursday Tea said on Instagram that it had seen a massive surge in growth, with more than two million users seeking to join in the past few days.
It rose to the top of Apple’s free iPhone app charts and was highly ranked on Google’s Play store.
The company said the hack included 13,000 selfies and images of identification documents that users were required to provide when signing up.
Identity documents
Images from posts, comments and direct messages were also included in the breach, it said.
The data belonged to users who signed up before February 2024. In 2023 Tea ended the requirement to provide a photo ID in addition to a selfie.
While the site’s privacy policy says the documents are deleted shortly after being verified, the images were not deleted.
Tea said in its statement that the data was stored “in compliance with law enforcement requirements related to cyberbullying prevention” and was not moved to newer systems that it said were better protected.
The data appeared to circulate online on Friday, news outlet 404 Media reported.