Associated Incidents
A fast-growing app for women was hacked after it shot to the top of app download charts and kicked off heated debates about women's safety and dating.
The app, Tea Dating Advice, allowed women worried about their safety to share information about men they might date. Its premise was immediately polarizing: Some praised it as a useful way to warn women about dangerous men, while others called it divisive and a violation of men's privacy.
On Friday, Tea said that hackers had breached a data storage system, exposing about 72,000 images, including selfies and photo identifications of its users.
Here's what to know about the situation.
What is the Tea app?
Released in 2023, the U.S.-based app says it is a resource for women to protect themselves while dating, with some online likening it to a Yelp service for women dating men in the same area.
Women who sign up and are approved can join an anonymous forum to seek feedback on men they are interested in, or report bad behavior from men they have dated.
Other tools on the app allow users to run background checks, search for criminal records and reverse image search for photos in the hope of spotting "catfishing," where people pass off photos of others as themselves.
According to Tea's site, the app's founder, Sean Cook, launched the app because he witnessed his mother's "terrifying" experience with online dating. He said she was catfished and unknowingly engaged with men who had criminal records.
When did it take off?
Interest in the app this week escalated after it became the subject of videos and conversations about dating and gender dynamics on social media.
On Thursday, Tea reported a "massive surge in growth," saying on Instagram that more than two million users in the past few days had asked to join the app. It was listed as the top free app in Apple's download charts, and was also highly ranked in the Google Play store.
Critics however, including some users on 4chan, an anonymous message board known for spreading hateful content, called for the site to be hacked.
What happened in the breach?
On Friday, Tea said that there had been a data breach of a "legacy storage system" holding data for its users.
The company said it had detected unauthorized access to about 72,000 images, including about 13,000 selfies and images of identification documents, which the company solicited to verify that users are women.
Images from posts, comments and direct messages in the apps were also included in the breach, it said.
Whose data was hacked?
Tea said that the data belonged to users who signed up before February 2024.
According to Tea's privacy policy, the selfies it solicits are deleted shortly after users are verified.
The hacked images were not deleted. That data set was stored "in compliance with law enforcement requirements related to cyberbullying prevention," Tea said in its statement, and was not moved to newer systems that Tea said were better fortified.
Where did it end up?
Data from the hack, including photos of women and of identification cards containing personal details, appeared to circulate online on Friday.
An anonymous user shared the database of photographs, which the user said included driver's licenses, to 4chan, according to the tech publication 404 Media, the first outlet to report on the breach.
Some circulated a map, which The New York Times was unable to authenticate, that purported to use data from the leak to tie the images to locations.
That thread was later deleted. According to an archived version of the thread, the user accused the Tea app of exposing people's personal information because of its inadequate protections.
What happens now?
Tea said that it was working with third-party cybersecurity experts, and that there was "no evidence" to suggest other user data was leaked.
The app's terms and conditions note that users provide their location, birth date, photo and photo ID during registration. Tea said, that in 2023, it removed a requirement for photo ID in addition to a selfie.
The conversation around Tea has tapped into a larger face-off over the responsibility of platforms that women say can help protect them from dating untrustworthy or violent men.
Many of them, such as "Are We Dating the Same Guy?" groups, have spread widely on platforms like Facebook. But such groups have increasingly drawn accusations of stoking gender divisions, as well as claims from men who say the groups have defamed them or invaded their privacy.