Tea, the women-only dating safety app that features anonymous reviews of men, is facing a class-action lawsuit after a data breach exposed tens of thousands of user pictures and other personal information. The lawsuit, filed Monday, July 28, also names the social media platform X and the anonymous online forum 4chan.
The complaint, brought by a Northern California woman identified with the pseudonym Jane Doe, accuses the three companies of negligence, invasion of privacy and violations of federal law after 72,000 sensitive images were left publicly accessible on a misconfigured database.
Download the SAN app today to stay up-to-date with Unbiased. Straight Facts™.
Point phone camera here
The images included selfies of users, as well as photos of driver’s licenses and passports, that Tea obtained to verify user identities. The data was discovered and shared by users on 4chan, which the complaint calls “the notorious imageboard known for harassment campaigns against women.”
“This wasn’t a sophisticated hack,” the lawsuit says. “This was the digital equivalent of leaving the bank vault door wide open with a neon sign saying ‘Free Money Inside.’”
The plaintiffs are seeking damages, restitution and injunctive relief. They also want the defendants to implement stronger security measures to prevent future exposure and dissemination of sensitive personal information.
Data spread on X
After discovering the exposed database, 4chan users began downloading the files in bulk. Links to download the data cache proliferated on X as well. The lawsuit says that despite notifications to both websites, neither removed the data in a timely manner.
“X Corp.’s inadequate response ensured that the stolen data reached a far wider audience than 4chan alone could have achieved,” the complaint says.
The plaintiff, according to the filing, joined Tea in February 2024 to anonymously warn other women in her area about a man who had allegedly sexually assaulted two other women. The woman gave Tea a selfie and a photo of her driver’s license, believing her identity would be kept confidential.
The lawsuit says Tea “became the very threat it promised to protect against” by exposing women’s personal data.
“She lives in constant fear that her exposed driver’s license will be used for identity theft, that her biometric data will be used to create deepfakes or bypass security systems, or worst of all, that the man she reported will find out she exposed him on the app and seek retaliation,” the complaint says.
Private messages accessed
To make matters worse for Tea, on the same day the lawsuit was filed, a security researcher accessed more than one million private messages from the app that detailed sensitive discussions on everything from abortion to cheating partners.
In response, Tea said it disabled its direct messaging feature.
“We have recently learned that some direct messages (DMs) were accessed as part of the initial incident,” the company said in a statement. “Out of an abundance of caution, we have taken the affected system offline.”
