Hackers post verification and ID photos from women’s safety app Tea

Tens of thousands of photos from women’s dating safety app Tea have been exposed by hackers, including 13,000 verification photos and images of government IDs, according to the company.

The app is used by women to perform background checks on men they met on dating apps, including conducting reverse image searches and accessing crowdsourced data, criminal records and phone records. The platform also allows users to “spill the tea,” i.e., anonymously review men they have dated.

The Tea app relies on uploading selfie photos to verify identities and ensure that its users were women. The app recently reached 1.7 million users, becoming the top free app in the Apple App Store last week.

Its success, however, has invited criticism from some men, including users of the 4Chan message board. On Thursday, users reported discovering an exposed database hosted on Google’s mobile app development platform, Firebase. Tea’s data, including verification photos, was posted on 4Chan and X, according to screenshots and posts collected by 404 Media.

Tea says that the database accessed by hackers was two years old and included a total of 72,000 images. The company claims that the data was originally stored in compliance with law enforcement requirements related to cyberbullying prevention.

According to its privacy policy, selfie photos submitted by users should be stored only temporarily and deleted immediately after the completion of the verification process. The app relies on native device biometrics for secure authentication, with biometric data processed and stored locally on the user’s device.

A Tea spokesperson told NBC News that the company has hired third-party cybersecurity experts to secure its system.

Article Topics

biometrics  |  cybersecurity  |  data protection  |  identity document  |  mobile app  |  selfie biometrics