4chan Hacker Breaches Tea Dating App, Leaks Tens of Thousands of Selfies
In an age where digital dating is becoming the new norm, privacy breaches are no longer isolated incidents — they’re looming threats for millions. Recently, the Tea dating app, a platform designed specifically for the LGBTQ+ community, suffered a major data breach. A hacker associated with the infamous image board 4chan gained unauthorized access to the app’s verification system and leaked over 72,000 user selfies online.
This alarming incident has raised serious concerns over the safety of marginalized communities on digital platforms, especially those who already face social stigma. In this detailed article, we explore everything about the breach: what happened, how it happened, who was affected, and what this means for users and the broader LGBTQ+ community.
What Is the Tea Dating App?
A Safe Space for the LGBTQ+ Community
Tea is a dating app that caters primarily to transgender, non-binary, and queer individuals. Its main selling point is safety and inclusivity — two things often lacking on mainstream dating apps. Unlike other platforms, Tea uses selfie-based identity verification, requiring users to upload a selfie holding up a specific gesture or note to confirm authenticity and reduce catfishing.
With an increasing number of users globally, Tea has grown to become a safe haven for LGBTQ+ individuals looking to connect without fear of judgment or harm — until now.
The Breach: What Exactly Happened?
The Initial 4chan Leak
On July 24, 2025, an anonymous user on 4chan’s /g/ (technology) board posted a disturbing message:
“Tea app servers are a joke. Got all the selfies. Here’s a sample. Dump coming.”
Soon after, a torrent link surfaced containing over 72,000 user verification selfies, supposedly scraped directly from the Tea app’s servers. Within hours, the data had spread across multiple platforms, raising panic among users.
What Was Exposed?
According to cybersecurity analysts, the leaked data included:
- User verification selfies (face pictures)
- Time and date stamps
- User IDs and possibly linked email hashes
- In some instances, IP addresses
While no passwords or financial data were confirmed to be leaked, the sensitive nature of the selfies — many of which revealed individuals in vulnerable or private situations — made this breach particularly harmful.
Why Is This Breach So Damaging?
Targeting Marginalized Groups
Tea’s user base is composed largely of transgender, non-binary, and queer individuals, many of whom have not disclosed their identities to families, employers, or even close friends. The leakage of their verification selfies puts them at immediate risk of:
- Outing without consent
- Cyberbullying and harassment
- Blackmail or extortion
- Mental health trauma
For individuals in conservative regions or countries where LGBTQ+ identities are criminalized or taboo, this could result in life-threatening consequences.
Trust and Digital Vulnerability
The breach has shattered the sense of safety that Tea promised its users. Many have taken to social media expressing anger, fear, and disappointment.
“I verified on Tea because I trusted it was a safe place for people like me. Now my face is out there and I’m scared.”— Anonymous user via Reddit
How Did the Hack Happen?
Lack of Encryption and Poor Server Security
Cybersecurity researchers who examined the breach claim that Tea’s servers lacked basic protection mechanisms. Among the vulnerabilities discovered:
- No encryption of stored selfies
- Insecure APIs that allowed bulk access
- No rate limiting or IP monitoring
- No 2FA (Two-Factor Authentication) for admin access
The hacker reportedly used simple scripts to pull data directly from the server endpoints, indicating that Tea’s infrastructure was not equipped to handle a targeted attack.
Tea’s Response: Too Little, Too Late?
Official Statement
In a press release posted on July 25, Tea confirmed the breach, stating:
“We are deeply sorry for the breach of our users’ trust. We are working with cybersecurity experts and law enforcement to identify the root cause and take appropriate action.”
However, the response has been widely criticized as delayed and vague. Many users claim they were not informed directly, and only learned about the breach through social media or 4chan itself.
Steps Tea Claims to Have Taken
- Disabled new user registrations temporarily
- Revoked access to all admin-level APIs
- Engaged third-party forensic analysts
- Promised to notify affected users via email
Yet, for many, this was damage already done.
What Are the Legal and Ethical Implications?
GDPR and Global Data Protection Laws
If Tea operates in the EU, this breach may have violated GDPR (General Data Protection Regulation), which mandates strict protections for user data and imposes heavy penalties for non-compliance.
In the U.S., where federal privacy laws are still fragmented, some states like California under CCPA could pursue action if users are found to be residents.
Ethical Failure
Beyond legal consequences, the incident represents a significant ethical failure. For an app that marketed itself as “safe for the most vulnerable,” failing to encrypt private photos and monitor server security is unacceptable.
User Reactions: Fear, Anger, and Distrust
On platforms like Twitter, Reddit, and Mastodon, thousands of users have shared their experiences:
- Some reported being doxxed or contacted through social accounts.
- Others are seeking ways to remove their images from the internet, though once shared on 4chan and mirrored, full deletion is nearly impossible.
- A growing number of users are urging others to delete their accounts and never trust niche dating apps again.
The TEA app that requires you to do a selfie has just been Leaked on 4chan and the Dark Web.
— Hexologist 🇺🇸 (@Hexologist31) July 25, 2025
Stop Giving apps and Companies your info they will be HACKED and your info WILL be leaked.
Pulsechain solves this pic.twitter.com/Pk6zeTq8SL
What Should You Do If You Used Tea?
Immediate Steps to Protect Yourself
- Delete Your Tea Account — and request data deletion via email or in-app support.
- Change your passwords on all platforms where your Tea email was used.
- Check HaveIBeenPwned or similar sites to see if your email is in any known leaks.
- Google yourself to monitor if your image appears on search engines or reverse image sites.
- Report any harassment or extortion attempts to your local cybercrime authorities.
The Tea dating app breach is a stark reminder of how deeply intertwined privacy, identity, and technology have become — especially for communities already living on the edge of societal acceptance. The leak of tens of thousands of user selfies is not just a technical failure; it’s a human one.
For LGBTQ+ individuals, dating apps like Tea aren’t just platforms — they are lifelines. They provide connection, love, safety, and affirmation. But when that safe space becomes a battleground of exploitation and exposure, it shatters more than digital trust — it shatters people.
As we move further into the digital age, app developers, governments, and users alike must prioritize data protection not as a feature, but as a fundamental right. Because no one should ever have to fear being seen — especially in a place where they came to feel seen and safe.
Frequently Asked Questions (FAQ)
Q1. Is it safe to use Tea anymore?
A: As of now, it’s difficult to say. While the company claims to be tightening security, the lack of prior preventive measures has severely damaged its credibility.
Q2. Can I sue Tea for leaking my data?
A: If you’re in a region with strong data privacy laws (like the EU), you may have legal grounds. Consult a lawyer specializing in data privacy or file a complaint with your country’s data protection authority.
Q3. How can I remove my leaked photo from the internet?
A: Unfortunately, once images are shared on platforms like 4chan, it’s extremely hard to remove them completely. You can:
- File takedown requests on Google.
- Use copyright claims (if it’s your image).
- Contact major hosting providers.
Q4. What can apps do to prevent this?
A: All dating and identity-sensitive apps must:
- Use encrypted storage (AES-256 or similar)
- Enforce 2FA on admin and user accounts
- Conduct regular security audits
- Follow GDPR, CCPA, or local data laws
- Educate users about data privacy
Also Read :
Happy Gilmore 2: Adam Sandler’s Family Affair, Release Date, Full Cast, Plot & Celebrity Cameos
How to Confidently Read Candlestick Charts: 16 Powerful Patterns Every Trader Should Know