Hackers have breached the Tea app, which recently went viral as a place for women to safely talk about men, and tens of thousands of women’s selfies and photo IDs have now seemingly been leaked online.
A spokesperson confirmed the hack Friday afternoon. The company estimates that 72,000 images, including 13,000 verification photos and images of government IDs, were accessed.
Tea is designed to function as a virtual whisper network for women, allowing them to upload photos of men and search for them by name. Users can leave comments describing specific men as a “red flag” or “green flag,” and share other information about them.
It’s recently gained such popularity that it became the top free app in the Apple App Store this week. The app claimed Thursday to have recently gained nearly a million new signups.
Signing up for Tea requires users to take selfies, which the app says are deleted after review, to prove they are women. All users who get accepted are promised anonymity outside of the usernames they choose. Taking screenshots of what’s in the app is also blocked.
The hacker accessed a database from more than two years ago, the Tea spokesperson said, adding that “This data was originally stored in compliance with law enforcement requirements related to cyberbullying prevention.”
The Tea spokesperson said that the company has hired third-party cybersecurity experts and is “working around the clock to secure our systems.”
“Protecting our users’ privacy and data is our highest priority. Tea is taking every necessary step to ensure the security of our platform and prevent further exposure,” the spokesperson said.
The app has angered some men, and prompted a thread Thursday evening on the right-wing troll message board 4Chan, in which users called for a “hack and leak” campaign. The company became aware of the incident, which was first reported by 404 Media, early Friday, the spokesperson said.
A 4Chan user posted a link Friday morning, allegedly allowing people to download the database of stolen images, and troves of alleged victims’ identification photos have been posted on 4Chan and X.
NBC News has not verified the authenticity of the photos or their provenance.
On Google Maps, a user has created a map that purports to show the locations of Tea users that were affected by the hack, though there are no names attached to the coordinates posted.
The Tea app’s creator, Sean Cook, said on its website that he was inspired after he watched his mother’s “terrifying experience with online dating,” including being catfished and unknowingly dating men with criminal records.
On Tea, users can run background checks, search for criminal histories and reverse-search photos to check whether a man is catfishing.
The app also claims to donate 10% of its profits to the National Domestic Violence Hotline. (The hotline confirmed to NBC News that the company is a donor.)
Some men online have expressed in online posts that they fear being misrepresented or doxxed on the platform. Others, including some users of the app, have also raised concerns that the app could lead to harmful cyberbullying unrelated to actual safety concerns.
In a few online forums, men have floated the idea of creating their own men-only version of the app as payback for women’s use of Tea. One such app, called Teaborn, quickly ignited backlash after its creator called users out for posting revenge porn. The app is now removed from the App Store.
The app said in an Instagram story that new signups have surpassed 2 million in the past few days. Many who have posted on the app’s Instagram page said they remain on the app’s waitlist. By Friday, several commenters had also started expressing concerns about their data privacy in the wake of the hacking news.