A massive data leak involving Tea, a dating app popular among women globally, has reportedly compromised the private data of over 11 million female users, including selfies, identification documents, and personal conversations, according to a recent cybersecurity report.
The breach was revealed by vpnMentor, a well-regarded cybersecurity firm, which found that Tea’s misconfigured cloud server exposed more than 274 gigabytes of sensitive user data. Most disturbingly, this included front-and-back scans of photo IDs, government-issued documents, and private chat logs — many of which were sexually explicit.
Selfie Verification Turned Into a Security Risk
Tea, which brands itself as a “female-first” platform emphasising safety, trust, and verification, requires users to submit selfies and identification cards for onboarding. While this was meant to build a safe environment and reduce catfishing, the leak has now endangered the very users it sought to protect.
vpnMentor researchers noted that the exposed data was stored on an open Amazon Web Services (AWS) bucket, accessible without authentication. “The scale and depth of the data breach make it one of the most serious violations of privacy on a dating platform in recent times,” the report stated.
Notably, the dataset contained millions of chat messages, often including names, locations, and photographs of the participants. While the exact timeline of the exposure remains unclear, the server has since been secured.
Concerns Mount Over Tech Safeguards and Gendered Risks
The Tea app breach raises major questions about data handling practices in emerging dating apps, especially those targeting vulnerable demographics. Privacy experts warn that the exposure of such intimate and identifiable data could lead to blackmail, harassment, and reputational harm.
There has been no formal statement from Tea’s developers, and the app remains live on app stores.
With female users comprising the core demographic of Tea, advocacy groups have called for a regulatory audit and public accountability. “This isn’t just a tech glitch — it’s a women’s safety issue,” said cyber lawyer Pooja Mehta.
The incident adds to a growing list of gender-targeted cyber vulnerabilities, highlighting the urgent need for secure-by-design policies in femtech and dating ecosystems.