Tea Dating Advice App leaks 72k images including drivers licenses and selfies

At 6:44 AM PST on July 24, 2025, Tea Dating Advice Inc., the company behind the popular Tea app, discovered a significant exfiltration of their data that exposed sensitive information belonging to its users. The breach was first reported by 404 Media, which discovered that a database containing private data had been posted to the online forum 4chan.

According to Tea Dating Advice Inc., the breach involved unauthorized access to a legacy data storage system, which contained information from over two years ago.

The exposed data included approximately 72,000 images, with about 13,000 being selfies or photo identifications submitted by users during the account verification process. The remaining 59,000 images were sourced from within the app and included comments and direct messages.

The information accessed without authorization consisted of direct messages, drivers licenses, and facial imaging (selfies for verification). The breach affected users who signed up before February 2024.

The severity of the breach is heightened by the nature of the information exposed. The images and identification documents were stored unencrypted in a publicly accessible database, which was hosted on Google’s Firebase platform. 4chan users discovered this vulnerability and began downloading and sharing the data.

Tea Dating disclosed the data breach to the California, Maine and Texas Attorney Generals' offices between Aug. 28 and Aug. 29, 2025.

Tea Dating Advice's response

Following the discovery of the breach, Tea Dating Advice immediately launched a full investigation and engaged third-party cybersecurity experts to assess the incident. The company stated that the breach was limited to a legacy data storage system and that there is no evidence suggesting additional user data was affected.

Tea Dating Advice has emphasized that protecting user privacy and data is its highest priority and is working around the clock to address the situation.

Given the nature of the breach, affected users should take several precautionary steps. Those who submitted a selfie or driver’s license for verification before February 2024 should be vigilant for signs of identity theft or misuse of their personal images. It is advisable to monitor for any suspicious activity involving their identity or images online.

Since no email addresses or phone numbers were exposed, phishing risks may be lower, but users should remain cautious about any unsolicited communications referencing their Tea app activity.

For further information, users can visit the Tea Dating Advice Official Statement for possible updates and resources. The company has not yet announced specific support services such as credit monitoring, but users are encouraged to contact Tea Dating Advice Inc. directly if they have concerns or require assistance.