August 20, 2025
In an age where digital platforms increasingly shape our relationships, the Tea Dating Advice app bills itself as a “must-have app helping women avoid red flags before the first date with dating advice, and showing them who’s really behind the profile of the person they’re dating.” While the “anonymous” reviews of men on the app raised a separate set of privacy concerns, the recent data breaches of the Tea app highlight the importance of app security and its impact on user privacy.
In order to join the app, users were required to provide an identity document like a driver’s license and a selfie to validate their identity and gender. While the privacy policy stated that the selfies would be deleted after authentication, public reports state that the data was not deleted but instead held in publicly available data buckets without authentication requirements, resulting in the compromise of approximately 72,000 images, 13,000 of which were selfies and identification documents, while the other images were posted within the app. Some of the data was shared on message boards, and message board users reportedly used location metadata associated with the photos to map Tea members’ locations.
After discovering the initial compromise, researchers later discovered that over 1.1 million private messages exchanged on the app had also been compromised. The Tea app disabled private messaging in the aftermath of the discovery. Multiple class action lawsuits have been filed in the wake of the breach.
This breach is a cautionary tale for developers building platforms that handle sensitive personal data as well as for consumers providing the data. Developers should keep these key privacy and cybersecurity considerations in mind:
Copyright © Finnegan, Henderson, Farabow, Garrett & Dunner, LLP. This article is for informational purposes, is not intended to constitute legal advice, and may be considered advertising under applicable state laws. This article is only the opinion of the authors and is not attributable to Finnegan, Henderson, Farabow, Garrett & Dunner, LLP, or the firm’s clients.
Articles
California Reaches Record $12.75 Million CCPA Settlement with General Motors Over Driver Data
June 4, 2026
Podcasts
AI Training, Data, and Governance: Copyright Battles and Legal Requirements
February 6, 2026
Due to international data regulations, we’ve updated our privacy policy. Click here to read our privacy policy in full.