The “Tea” app, a new and popular social platform for women, confirmed a major data breach affecting users who joined before February 2024. The announcement was made on Friday, July 25, 2025, via the app’s official channel (@theteapartyqueens).
Breach Details
The breach, occurring at 6:45 a.m. PT, primarily impacted an archived system, not current user data. Approximately 72,000 user-submitted images were compromised. This includes about 13,000 selfies and photo identifications from account verification, and roughly 59,000 images publicly viewable through posts, comments, and direct messages, some dating back over two years. Tea stated that this data was stored to meet law enforcement standards for cyberbullying prevention.
The app requires new users to submit a verification selfie and a photo of their government-issued ID, which is used to verify that new sign-ups are indeed women. The company clarified that no email addresses or phone numbers were accessed, and the affected photos cannot be linked to specific in-app posts.
According to 404 Media, which first reported the incident, the breach may have been triggered by anonymous right-wing trolls on 4chan, an image-based message board, following calls for a “hack and leak” campaign.
These 4chan users claim to have discovered and accessed an exposed database on Firebase (Google’s mobile app development platform) belonging to Tea, subsequently sharing users’ personal data and selfies online. Evidence, including screenshots, 4chan posts, and code, was reviewed by 404 Media.
The vulnerability reportedly stemmed from the app’s Firebase storage bucket being publicly accessible, a practice linked to “vibe coding,” where developers might use AI tools without a sufficient security review. Although the original post has been removed, the compromised data has reportedly spread across various platforms, including other social media sites like X and decentralised networks such as BitTorrent, with some users even creating Google Maps links displaying general coordinates of affected individuals.
Company Response Under Scrutiny
The Tea app team stated they are working quickly with internal security teams and trusted experts to address the issue. They asserted that no current or additional data has been accessed.
However, as reported by VX-Underground on X, even over 12 hours after the compromise was reported, the Firebase instance remained accessible, and users could still upload data, seemingly contradicting the company’s claims of immediate remediation.
For your information, the “Tea” app is a platform founded by Sean Cook in 2023 where women could share experiences and information about men, including rating them as “red flags” or “green flags,” uploading photos of men (often sourced from social media) and direct sharing of information through group chats.
While positioned as a safety tool, it has faced criticism and legal questions concerning privacy violations and potential defamation, particularly from men. The timing of the breach coincided with the app’s surge in popularity, reaching the top of Apple’s App Store this week.
