Tea App cybersecurity incident update

The Tea App has issued an update regarding the cybersecurity incident that occurred on July 25, 2025. During the course of an ongoing investigation, it was discovered that some users’ direct messages (DMs) were accessed as part of the initial breach. As a precautionary measure, the company has disabled DM functionality and taken the affected system offline.

Tea App cybersecurity incident update

At present, there is no evidence that other systems or parts of the environment were accessed. The company is continuing to work closely with external cybersecurity experts and the FBI. Due to the sensitivity of the investigation, certain information is being withheld until it can be responsibly disclosed.

The Tea App team remains committed to enhancing the platform’s security and plans to share more about forthcoming improvements. Meanwhile, they are in the process of identifying individuals whose personal information may have been involved and will be offering free identity protection services to those affected.

Official statement on the incident

At 6:44 AM PST on July 25, 2025, Tea App identified unauthorized access to its systems. A full investigation was immediately launched with the support of third-party cybersecurity experts. Preliminary findings indicate that a legacy data storage system was compromised, resulting in unauthorized access to a dataset dating back to before February 2024.

The compromised dataset included approximately 72,000 images. Of these, around 13,000 were selfies or identification photos submitted by users during account verification, while approximately 59,000 were images publicly viewable in the app, sourced from posts, comments, and DMs. No email addresses or phone numbers were accessed. Only accounts created before February 2024 were affected.

These images had been retained in accordance with law enforcement requirements related to cyberbullying investigations. Tea App continues to work around the clock with internal and external experts to secure its systems and determine the full extent of the breach.

Users with concerns are encouraged to contact the company’s support team. The company reiterated that user data privacy remains a top priority and that all necessary measures are being taken to prevent further exposure.

When did the incident occur?

Unauthorized access was identified at 6:44 AM PST on Friday, July 25. A full-scale investigation began immediately.

What data was accessed?

The breach affected a legacy storage system containing information from before February 2024. Around 72,000 images were accessed, including 13,000 selfies or photo ID verification images and 59,000 public images from posts, comments, and DMs.

Do users need to delete their account?

No action is required. However, users who wish to delete their accounts can do so within the app or by contacting accounthelp@teaforwomen.com with the subject line "Remove my Account" and their city/state, birth date, and any remembered username details.

What steps is Tea taking to protect users now?

Tea App has engaged cybersecurity experts, implemented additional safeguards, and resolved the issue in question. The team is actively assessing the full impact of the incident while working to strengthen overall platform security.

Weren’t the selfies deleted?

The images had been archived in compliance with law enforcement directives to support cyberbullying prevention efforts. Current findings suggest there is no evidence that these photos can be directly linked to individual users in the app.

How can users contact Tea?

The company remains available to address user concerns via support@teaforwomen.com. Ongoing updates will be provided as the investigation progresses.

How did the breach occur?

The incident involved a legacy system that had not been fully migrated to the newer, fortified infrastructure adopted in February 2024. The unauthorized actor exploited a vulnerability in this outdated storage system, which housed user data collected before that date.

What personal information was involved?

Approximately 72,000 images were accessed, including 13,000 selfies or ID-related images submitted during account verification and 59,000 images that were publicly visible within the app.

Why were IDs required previously?

During the app’s early development, Tea App required photo IDs to confirm that users were women, a measure intended to improve community safety. This requirement was phased out in 2023.