How a 'Hack and Leak' Campaign Against the 'Tea App' Exposed Over 13,000 Women's Photos and IDs

A massive data breach involving the Tea App has compromised the privacy of thousands of women, after hackers leaked more than 72,000 images, many of them personal selfies and official IDs, onto internet forums including 4Chan.

The breach, which involved unauthorised access to an older legacy database, has raised serious concerns about data protection on platforms designed to offer online safety. Tea, originally marketed as a women-only safe space for sharing dating red flags, is now grappling with the fallout of what appears to be a targeted 'hack and leak' campaign.

Legacy Database Targeted in Breach

The Tea App confirmed on 26 July that hackers had accessed a storage system from over two years ago. According to the company, the affected database had been maintained under requirements related to cyberbullying investigations. In total, 72,000 images were compromised, including 13,000 verification photos and government-issued IDs that users had submitted when creating accounts.

The remaining 59,000 images were sourced from posts, messages, and comments shared on the platform. Although Tea claims that current user data and contact details such as email addresses or phone numbers were not affected, the breach represents a serious violation of trust between the platform and its users. As reported by NBC News, a link to download the stolen images was widely circulated online.

4Chan Campaign and Public Reaction

The breach appears to have originated from users on the online forum 4Chan, where calls for a coordinated hacking campaign were made shortly before the leak. A user posted a link on the site directing others to the compromised files, which reportedly included sensitive images now circulating on both 4Chan and X (formerly Twitter).

According to The News, the Tea App's spokesperson stressed that the leaked verification images cannot be linked to any posts within the app, though user concerns have continued to rise.

Meanwhile, backlash has emerged from both users and critics. Some commenters expressed outrage over their data being exposed, while critics of the app, most notably streamer Asmongold, questioned the app's premise altogether. In a stream quoted by the Times of India, Asmongold called the breach a form of 'karma' for what he described as a platform that publicly labels men without consent.

Company Response and Cybersecurity Measures

Following confirmation of the incident, Tea's development team moved quickly to contain the damage. According to a statement published by the company, third-party cybersecurity specialists have been hired to assist with internal investigations and to secure the platform.

The company said, 'Protecting our users' privacy and data is our highest priority. Tea is taking every necessary step to ensure the security of our platform and prevent further exposure.'

Despite this, the breach has shaken user confidence. Numerous comments on the app's social media pages reflect concerns over data privacy and whether future leaks could still occur.

Impact and Ongoing Concerns

Tea, which had recently surged in popularity to become the top free app on the App Store with over two million new signups, is now facing pressure to rebuild trust with its user base. As Black Star News notes, users affected by the breach are mostly those who signed up before February 2024. The potential misuse of leaked IDs and private photos raises concerns about blackmail, harassment, and identity theft.

The Tea App was created to offer women a secure, anonymous platform to share dating experiences, verify identities, and flag potential threats. But in light of the data breach, its security promises are under scrutiny.

Whether the company can recover and prevent future incidents remains to be seen. For now, it serves as a reminder that even platforms designed to promote safety can become targets, and victims, of digital threats.