PCMag editors select and review products independently. If you buy through affiliate links, we may earn commissions, which help support our testing.

PCMag UK

4chan Posts Sensitive Data From Women-Only Dating Safety App

The Tea app confirms that roughly 72,000 images were exposed, including 13,000 selfies.

Will McCurdy
 & Will McCurdy Contributor

Our team tests, rates, and reviews more than 1,500 products each year to help you make better buying decisions and get more from technology.

Our Expert
LOOK INSIDE PC LABS HOW WE TEST
65 EXPERTS
43 YEARS
41,500+ REVIEWS
(Credit: Tea)

UPDATE 7/29: It appears that recent data from the Tea app was also exposed.

Original Story:
The personal data of tens of thousands of users of the woman-only dating safety app Tea has been leaked, including passports, selfies, and driver’s licenses.

Founded in 2023, Tea allows women to exchange information about men in their area in the interest of safety. It reached the top of the App Store ranking this week and topped 4 million users worldwide. The app has received praise from some quarters but also criticism from commentators who believe it could be used maliciously.

According to 404 Media, users on the infamous anonymous imageboard 4chan posted links to an exposed cloud database hosted on Google’s mobile app development platform, Firebase. 4chan users then searched through the data, posting selfies and identities. In one screencap captured by 404 Media, a user claimed to have downloaded over 3,000 images.

Recommended by Our Editors

Google Will Soon Spot Fake Calls on Supported Android Phones
Google Will Soon Spot Fake Calls on Supported Android Phones
Report Cites Misinformation As Key Threat to Election Security, Doesn't Name the Biggest Offenders
Report Cites Misinformation As Key Threat to Election Security, Doesn't Name the Biggest Offenders
Meta's AI Chatbot Allegedly Helped Hackers Hijack Instagram Accounts
Meta's AI Chatbot Allegedly Helped Hackers Hijack Instagram Accounts
(Credit: Tea Dating Advice)

In an official statement, Tea confirmed that roughly 72,000 images were exposed. This included 13,000 selfies and pieces of photo ID submitted for account verification, as well as 59,000 images from users’ posts, comments, and direct messages. The app clarified that the impacted data was from two years ago, so recent sign-ups to the app may not have been impacted. No phone numbers or email addresses are thought to have been compromised.

(Credit: 404 Media)

4chan users allegedly said the user data was stored on a "public bucket," a storage container whose contents are accessible without requiring authentication or authorization. 404 Media claims that the bucket linked by 4chan users was the same storage bucket they uncovered in the app's source code, though Tea has not officially addressed these claims.

“We have engaged third-party cybersecurity experts and are working around the clock to secure our systems,” the company said. “At this time, we have implemented additional security measures and have fixed the data issue.”

4chan has been implicated in numerous high-profile hacks over the decades. In 2014, it hosted images of multiple Hollywood celebrities after hackers breached their iCloud accounts by guessing passwords. The website suffered a major hack of its own earlier this year, going offline for two weeks as a result of a "catastrophic" cyberattack that exposed its source code.

About Our Expert

Will McCurdy

Will McCurdy

Contributor

I’m a reporter covering weekend news. Before joining PCMag in 2024, I picked up bylines in BBC News, The Guardian, The Times of London, The Daily Beast, Vice, Slate, Fast Company, The Evening Standard, The i, TechRadar, and Decrypt Media.

I’ve been a PC gamer since you had to install games from multiple CD-ROMs by hand. As a reporter, I’m passionate about the intersection of tech and human lives. I’ve covered everything from crypto scandals to the art world, as well as conspiracy theories, UK politics, and Russia and foreign affairs.

Read the latest from Will McCurdy

Read full bio