Tea App Faces Legal Storm After User Photos and Data Leaked Online

June Bauer
Estimated read time 6 min read

Ten women have filed lawsuits against the Tea app following a major security breach that exposed thousands of user photos and private messages online. The potential class action suits could cost the company tens of millions of dollars.

What is the Tea App?
Tea, created by Tea Dating Advice Inc., gained rapid popularity in late July. It climbed to the top of Apple’s App Store. The app is designed for women. They can anonymously share information about men they are dating or have dated. Users upload photos of men, label them as “red flags” or “green flags,” and share details. As of early August, it remained highly ranked among free apps.

The Breach Timeline
Security problems hit the app hard in late July:

  1. July 25th: The first breach occurred. A Tea spokesperson told NBC News it involved about 72,000 images. Roughly 59,000 of these images were linked to posts, comments, and direct messages that became viewable.
  2. July 27th: Tech outlet 404 Media reported a second, larger issue. This breach exposed over 1.1 million user direct messages. These messages spanned from early 2023 to July 2024. Tea confirmed to NBC News that “some direct messages (DMs) were accessed as part of the initial incident.” The company stated the leaked data was from before February 2024.

The Lawsuits Begin
Ten lawsuits quickly followed in federal and state courts. All make similar core claims:

  • Negligence: Tea failed to implement adequate security measures to protect user data.
  • Breach of Contract: Tea broke promises made to users regarding data safety and deletion.
  • Failure to Safeguard Sensitive Data: The app collected highly sensitive information (selfies, ID photos, intimate conversations) but didn’t protect it.

Five plaintiffs are named; five are anonymous (listed as Jane Doe).

Real Users, Real Harm
The lawsuits detail significant harm suffered by users:

  • Griselda Reyes (Plaintiff): Signed up just days before the breach. She received a notice from Tea confirming her data was compromised. Reyes has since sought credit monitoring and identity theft protection. Her lawyer, Scott Cole, stated another anonymous plaintiff, now combined with Reyes’ case, fears how her shared information “might come back to haunt her.”
  • Jane Doe (Plaintiff in suit against Tea, X, and 4chan): Joined Tea “to anonymously warn other women in her Northern California community about a man who sexually assaulted at least two other women.” The lawsuit states: “The app promised her that anonymity. It promised her safety. It promised to delete her verification data. Tea broke every one of those promises.”
  • Another Jane Doe (Plaintiff): Her attorney, John Yanchunis, reported she faces “immense harassment online” due to the leak. “That’s been devastating to her… She has suffered emotional distress and has had to take steps to ensure that she can defend as best she can against both the attacks as well as the ongoing threat to identity theft.”
  • Anonymous User (to NBC News): Expressed feeling “very anxious and paranoid” since the breach. Criticized Tea for making the app known to men: “Originally, the app was started for women, and I don’t think they should have told the men about it.”

The Role of Online Platforms
One lawsuit also names the platforms X (formerly Twitter) and 4chan as defendants:

  • The suit alleges users on 4chan called for a “hack and leak” campaign against Tea the day before the first breach.
  • On the day of the leak, a 4chan user allegedly posted a link allowing download of the image database.
  • Leaked photos then circulated on X. Users also shared links to a site called “TeaSpill,” which allowed people to rank the leaked photos of women based on attractiveness.
  • The lawsuit claims these platforms allowed bad actors to spread users’ personal information. Neither X nor 4chan responded to requests for comment from NBC News.

Verification Data: A Key Issue
Joining Tea required users to submit verification photos. Tea claimed these photos were deleted after submission. A spokesperson previously told NBC News this data was “stored in compliance with law enforcement requirements related to cyberbullying prevention.” The lawsuits directly challenge Tea’s handling and deletion promises regarding this sensitive data. Leaked verification photos directly link real identities to anonymous app profiles.

Massive Financial and Existential Threat
The lawsuits seek significant damages:

  • At least four suits demand a minimum of $5 million each. Experts believe the total liability could soar much higher.
  • Brian Fitzpatrick, a class action expert at Vanderbilt Law School, compared it to suits against giants like MGM Resorts or T-Mobile, where settlements hit “hundreds of millions of dollars.”
  • Fitzpatrick noted a critical difference: Tea is tiny. Its LinkedIn page lists only five employees. While larger companies absorb such hits, an adverse ruling could destroy Tea. “It could be more of an existential threat to their existence… this is awful for their reputation. I don’t know if people are going to trust them anymore, and so they might lose all their users.”
  • Tea claims over 6 million users. Even a modest per-user settlement could be catastrophic given the company’s size. Fitzpatrick explained that damages might be higher per person in this case due to the uniquely sensitive nature of the leaked information compared to typical credit card breaches.
  • Yanchunis emphasized this uniqueness: “What’s unique here is the way this app promoted the safety and security of the platform… people in this type of app are going to reveal things that they might not otherwise reveal at large… it could be very devastating when it’s revealed.”

Proving Harm: The Legal Hurdle
Fitzpatrick noted a common challenge in data breach suits: proving concrete damages. It’s often easier to prove the company was liable for the breach than to prove specific monetary harm, like stolen funds or identity theft costs. However, he pointed to the immediate, documented harassment of Tea users and the creation of tools like the “TeaSpill” ranking site and alleged maps of user addresses. This visible misuse could strengthen plaintiffs’ damage claims significantly.

The Path Forward

  • A judge has already combined several cases.
  • The lawsuits aim for class action status, representing all affected users (“class members”). Fitzpatrick explained this process takes time: “We may not know if it will become an actual as opposed to potential class action for months or even years.” If certified, all eligible users would be included unless they actively opt-out.
  • Tea has declined to comment on the lawsuits. Its founder, Sean Cook, stated in a May Medium interview he started Tea after seeing his mother’s negative dating experiences and the vulnerability of women on traditional apps to “catfish, scammers and criminals.” Cook, who self-funded the app starting in November 2022, previously worked in San Francisco tech.
Avatar photo
June Bauer

Pop cultureaholic, Technology expert, Web fanatic and a Social media geek. If you have any questions or comments please feel free to email her at june@thecoinspost.com or contact her on X @JuneTBauer1

You May Also Like

More From Author