The recent data breach affecting the women’s only dating safety app, Tea, is a stark reminder of the vulnerabilities inherent in online platforms, particularly when user trust and sensitive personal identifiable information (PII) are involved.
The Tea App data breach saw the personal information and images of an estimated 72,000 female users exposed and subsequently uploaded to 4chan, an anonymous messaging forum. Within hours, analysts at Resolver observed some users leveraging this sensitive data to dox and harass users. Others used the database to create a misogynistic game that was also shared across mainstream forums. This game allows users to rank the women based on their physical appearances, with users compiling lists of the “lowest ranked” women and singling them out for abuse.
The Tea App, which launched in 2023 rapidly ascended to become the top free app in the Apple store with over 4.6 million women users at the time of analysis. The app was designed to allow its users to anonymously discuss and warn others about men, notably identifying “red flags” or “green flags” in dating experiences. Its intention was to foster a safer online and offline environment for women.
Instead, the data breach has undermined this goal. In particular, the leak of customer PII and its subsequent weaponization by cyber misogynist communities underlines the serious risks of women’s private data being misused by malicious actors operating across mainstream, alt-tech and private messaging apps.
Overlooked security measures led to the data leak
At the heart of the incident was the core cybersecurity failure of storage of user-uploaded images in an unsecured public Firebase database. This included highly sensitive data including identification documents such as passports and driver’s licences, which were accessible without encryption or access control. This meant the vault of personal information was essentially wide open.
While Tea stated the data leak only impacted those who signed up before February 2024, the fact that this sensitive data was still accessible and un-audited in July 2025, is a significant concern. Additionally, media coverage of the incident indicates that users were initially assured their verification photos would not be stored – a broken promise that creates significant legal and regulatory exposure for the company.
ID verification efforts on the Tea App were initially intended to ensure user safety and establish trust. Instead, the leak of PII required as part of these verification requirements resulted in doxxing and severe harassment of apps users, including the use of abusive language and harassment related to their physical appearances.
An(other) incident motivated by misogyny
The leaked data was shared to 4chan, an unmoderated online forum with a history of facilitating coordinated harassment campaigns targeting women, as well as racist and misogynistic content. 4chan’s ability to facilitate and encourage gender-based harassment made it an ideal place to release and weaponize the data leak. The Tea App was envisioned as a means of empowering women to share information for their collective safety.
At launch this approach generated considerable backlash online, with much of this criticism rooted in misogyny originating within hateful echo chambers in unmoderated spaces. These narratives included accusations of the app providing a one sided recourse, which men were not permitted to view or respond to. Other users alleged the app would promote the defamation and shaming on men discussed by female users in the app. Such discourse also generated multiple calls for a “mens only app” to be created in retaliation.
As a consequence, the leaked database of women became the ideal leverage in retaliation against the purpose of the app and the women who engaged with it. It became a means to ‘punish’ women for daring to create a space to hold men accountable. Subsequent narratives no longer only reside within 4chan, but have since migrated across social media platforms. This highlights the rapid way in which weaponized cyber misogyny spreads, and its troubling popularity.
Real people, real impact
The human cost of this breach cannot be overstated. The leaked data not only included personally identifiable information (PII) about its female users but also some of the men discussed in the leaked conversations.
Meanwhile, a second leak has exposed the more than 1.1 million messages from early 2023 to July 2025, shared between users on the app containing potentially defamatory comments about the negative experiences with men, some of which included discussions of abortions and the exchanging of phone numbers.
Exposing these women gravely increases their risk of real world harm. It is also important to note that some men who were pictured in posts in the app were also victimized by the data breach. While the primary risk remains to women whose PII were exposed, some men have also become secondary targets in the breach.
A recent analysis of how the leaked data spread indicates that 4chan users actively worked to cross-reference the leaked photos and find the women’s social media, and in some cases home addresses and geolocation. This information was then employed in posts that sought to shame, mock and sexualize the women. In this manner, cyber misogynist communities transformed the data leak into a deliberate and coordinated campaign to humiliate users and “punish” women for using the app.
Some users on 4chan shared the leaked database of women users and directed abuse and hatred towards women for using the Tea app.
Users on 4chan shared links to the leaked database and called on other users to “rate” the women – effectively creating a misogynistic game where users can rank or rate the women based on their appearance in the leaked photos. Other users also created posts listing the “bottom ranked” women and singled them out for further mockery, hate and abuse.
Users also used the leaked database to create a misogynistic game that allowed others to “rank” the women based on their physical appearances.
This data breach serves as an example of how bad actors are constantly seeking out new weaknesses in online infrastructure in order to retaliate against ideologies, and individuals they disagree with. Apps focused on the protection of vulnerable groups need to anticipate retaliation and hostility and proactively safeguard their users. In other words, the reason they exist is likely the reason they will be targeted.
Resolver’s unwavering commitment to Trust & Safety
With over 20 years working at the forefront of trust and safety intelligence, Resolver is uniquely positioned to understand the intricate interplay of platform security, online behaviour, and the profound impact these can have on platforms and users.
We believe the Tea App breach underscores that prevention is paramount, not just reactive mitigation. For a platform handling sensitive PII like the Tea App, a truly comprehensive security strategy is required. This includes a proactive approach towards threat intelligence to identify hostile actors, tactics and the vulnerabilities they are likely to exploit.
The online world offers incredible opportunities, but it also carries significant risks. At Resolver, we will continue to advocate for a safer, more accountable online environment for everyone.
To learn more about how Resolver Trust and Safety Intelligence can help your platform move from reactive to resilient online safety systems please reach out.
