Tea app data breache images

This post describes what types of images were leaked in the breach when hackers accessed Tea App’s data

Scope of the Image Leak

Around 72 000 user images were accessed by unauthorized actors including approximately 13 000 selfies and photo IDs submitted during account verification and about 59 000 images that came from in app content such as posts direct messages and comments  

These images were stored in a legacy system archive that should have been deleted after verification but remained accessible in an unsecured database for users registered before February 2024  

Type of Visual Content Leaked

Verification selfies government issued photo IDs user posted images discussions and direct messages all appear to have been part of the leaked set  

This includes profile pictures that were meant to prove user authenticity before joining the app and content shared privately or publicly inside the app community

Why This Matters

Verification selfies and IDs carry real identity attributes and leaking those files poses a risk of identity exposure misuse or stalking

Content from posts DMs and comments could contain names photos locations or other personal information even if those fields were not stored separately  

What Tea Has Said

Tea confirmed detection of the breach on July 25 2025 and said it affected only legacy users who signed up before February 2024 The company stated that no email phone number or current user data appears impacted and that it is working with cybersecurity partners to secure systems  

What Affected Users Should Do

Users should review what they have shared in the app especially verification photos and messages Consider deleting account media if privacy is a concern Remain vigilant about phishing attempts or sites claiming to host leaked content Real official statements offer most reliable guidance

Conclusion

The Tea App breach exposed a large volume of images including sensitive verification documents and user generated content even though structured profile fields were not accessed

This incident highlights how storing images without proper access controls can lead to severe privacy failures

Even platforms designed to keep users safe can be undermined by misconfigured cloud systems

You might to like read this blog