A recent cybersecurity incident has impacted Tea, a dating app designed to prioritize women’s safety, after it was revealed that 13,000 user selfies were exposed due to unauthorized access.

The breach took place last Friday and affected a legacy storage system that was no longer actively in use. According to a statement from the company, Tea immediately launched a full-scale investigation in collaboration with external cybersecurity specialists to assess the extent of the breach and contain the threat.

“We detected unauthorized access to an older data storage environment, which contained approximately 72,000 images,” the company confirmed. “These included 13,000 selfie and ID photos submitted by users for verification before February 2024, as well as around 59,000 images publicly available in posts, messages, and comments.”

Although Tea promises to delete user verification images after account setup, the compromised photos had been archived for compliance with law enforcement guidelines related to cyberbullying prevention.

Importantly, no email addresses or phone numbers were exposed in the breach, and the company says it has no current evidence that any of the leaked images can be linked to specific user profiles.

The Tea app, launched in 2022 by developer Sean Cook, has rapidly gained popularity in the iOS App Store. It provides a digital space for women to discuss dating experiences, flag potential red flags, and highlight positive behavior within the online dating world.

Despite its mission to create a safer environment, the incident underscores how even platforms focused on security and trust can be vulnerable. Cybersecurity experts have emphasized that misconfigurations and outdated systems remain common causes of breaches — and are often preventable.

“These kinds of exposures frequently result from gaps in basic security hygiene,” said Greg Anderson, CEO of DefectDojo. “Proactive training, infrastructure audits, and regular exposure scanning are critical steps for reducing risk.”

Tea is continuing its investigation and has committed to sharing further updates as more details become available.

Source: https://www.infosecurity-magazine.com/news/dating-app-breach-exposes-13000