Millions of women’s personal messages exposed in leak on dating app Tea

Hackers leaked more than 72,000 images and more than a million private notifications from the women’s dating app Tea, which positions itself as a safe platform to combat scammers. In response, the company disabled the private notifications feature and began working with the FBI.

The app Tea, trusted by more than 4.6 million women around the world, has been the victim of a double data breach. First, on July 25, 2025, the company recorded unauthorized access to an outdated database containing approximately 72,000 photos, including 13,000 selfies and photos for identity verification. About 59,000 other images are those posted in public comments and notifications.

But then it got worse. According to 404 Media, hackers, likely from 4chan, discovered an open Firebase database with much more sensitive data than previously reported. These are personal correspondences that discussed issues of abortion, infidelity, and phone numbers that users exchanged in private correspondence.

In response, Tea published an official statement on the website and on Instagram. In it, the team stated that it had suspended personal notifications and began notifying users whose data may have been compromised.

This is the second leak in six months that calls into question Tea’s promises of “anonymity and protection.” For the first time, the platform positioned itself as a tool for detecting “catfish” (people pretending to be others) and checking criminal backgrounds. In reality, the company, which stored personal photos and data on Firebase, was unable to guarantee basic security.

Despite assurances that no emails or phone numbers were accessed during the first incident, the new information demonstrates a deeper level of vulnerability. And while Tea promises to beef up security and provide free privacy protection to victims, the reputational damage has already been done.

This leak is an example of how hacking attacks can destroy not only businesses, but also the trust of their target audiences. In Tea’s case, it was a vulnerable group of women who were looking for a safe space to communicate.

• Such incidents demonstrate that insufficient attention to cybersecurity leads to disaster, even if old databases are “no longer relevant.”
• Tea is no exception. Hundreds of companies continue to store sensitive data in unprotected or unencrypted databases. And each such vulnerability is a door for invasion.
• Hackers attack precisely those businesses that do not expect to be targeted, but store valuable information. And for many victims, it is not just a matter of leakage, but a real risk to their lives, relationships and reputations.