Tea App leak: The women-only dating advice app founded by Sean Cook was hacked by a user platform 4chan. ‘Tea’, the anonymous community of users, faced a major data breach where more than 72,000 user verification selfies were leaked. Posts across social media gave access to the private images used during sign-up, which contained sensitive information like government IDs.
The viral app’s safety warning read “During the registration process, users are required to submit a selfie photo for verification purposes. This photo is securely processed and stored only temporarily and will be deleted immediately following the completion of the verification process,” leaving netizens devastated.
The Tea app has been hacked, and you can go download 59.3 gigabytes of user selfies right now.
The hack is real. A picture from someone I know who signed up just to see what was on there was in it.
This was an obviously vibe-coded app and was bound to be insecure. pic.twitter.com/yrUxW1cFZc
— Crémieux (@cremieuxrecueil) July 25, 2025
Tea app responds
As a response to the Tea app leak, the breach founder Sean Cook said that the Tea app hacker gained “authorised access” to one of their system, which might have led to the lapse. While a formal investigation has been launched into the matter, users claim that the breach could have been caused by poor Firebase configuration of the Tea app.
Claiming safety and anonymity, this breach sparked outrage over the claims made by the viral app. Netizens did not spare the app’s developers. One pointed out, “that’s a lawsuit right there because it turns out that they stored it all in an open database that was exposed to the internet. Anybody with the URL could access it. There was absolutely no security on it.”
Was it even a ‘hack’?
Tech experts gathered to analyse what went wrong, arguing that it wasn’t truly a hack if the data had been publicly accessible. With over 60 GB of information leaked, users’ locations were also exposed because the metadata hadn’t been stripped out. As a result, anyone with access to the files could potentially track the women who had signed up for the app.
The leak has also triggered a debate on misandry and how this app was promoting “slandering men” under the mask of “community”. Moreover, netizens speculate a “major lawsuit” coming towards the app’s founder.
Finding similarities to the apps that existed earlier, a user remarked, “DontDateHimGirl in 2005 Lulu in 2015 and now Tea in 2025? So… I guess we just keep making this app every ten years and wait for it to blow up?”
Overall, netizens blamed the “lazy developers” for the app’s data breach as sensitive data including government identities and geolocations ended up online. Ending with a teachable moment, a user posted, “I think this is a good lesson and reminder that vibe coding is cool and all, but not everyone should be making apps, especially if they do not understand security. I hope this is a lesson for the future.”
