Previous participants of the well-known women’s dating safety application Tea have fallen victim to a major cyber assault, revealing thousands of user images from an older database. Initially highlighted by Reddit users, the breach was validated by 404Media and subsequently confirmed by Tea, affecting 72,000 images uploaded to the application over the last two years. Among the exposed data, 13,000 images consisted of selfies or photo identification cards, like driver’s licenses, provided by users for account validation. An extra 59,000 images were of individuals shared on the app.

Tea, developed by Sean Cook, was designed as a platform exclusive to women for sharing negative encounters with men and advising other women about potential risks. According to Tea’s official site, 10 percent of its earnings are contributed to the National Domestic Violence Hotline.

The flaw was uncovered by users on 4Chan, who started disseminating photo IDs of women from the platform. In a thread outlining the breach, one user remarked: “Yes, if you sent Tea App your face and driver’s license, they doxxed you publicly! No authentication, no anything. It’s a public bucket. DRIVER’S LICENSES AND FACE PICS! GET THE FUCK IN HERE BEFORE THEY SHUT IT DOWN!” Other users claimed they were extracting personal details from the images, as reported by 404Media. In a response to the outlet, Tea indicated that the data was maintained to adhere to cyber-bullying prevention rules and that no current user data had been compromised.

Earlier this week, following several viral tweets from its users, Tea ascended to the top position on the Apple App Store. The trending application has since sparked online debate, particularly among those who oppose its emphasis on documenting unwanted and inappropriate behavior by men in a public space, without verification. Many critics, including men mentioned on the app, perceive the app’s reporting systems, such as users uploading images of “red flag” men, and its user verification process, which utilizes photos to “confirm” a user’s gender, as breaches of privacy.

Culturally, others voice apprehension that its forum-like characteristic closely resembles online snark pages, which often push users to partake in obsessive gossip cycles and online harassment and could potentially incite doxxing. It has been likened to the popular “Are we dating the same guy?” Facebook page.

In a post on X from July 22, one user stated, “How long til there is a data leak? I’m giving it 1 month.” Other assertive online users reacted to the rise of the women-only app with overtly misogynistic “copycat” applications, including those aimed at tracking women’s “body counts.” “Introducing BoxScore, a man-only app where users anonymously share info and warnings about women to spot red flags and get feedback,” posted user @tolly_xyz on X.