Is the Tea app legal and who is the founder? Entire data breach controversy explained
-
Tea App (Photo: teaforwomen.com)Tea app, a viral dating safety tool for women, recently had their data breached, exposing private data of thousands of users, including government-issued IDs and selfies. The company confirmed being hacked in a statement shared on Instagram on Friday, July 25, 2025.
"We discovered unauthorized access to an archived data system. If you signed up for Tea after February 2023, all your data is secure."
Per the post, the company estimated about 72,000 images were accessed in the hack. This included 13,000 selfies and photo identification images used for account verification. The message noted that these photos could not be "linked to posts within Tea."
For context, Tea app is a dating safety tool for women founded by Sean Cook. According to CNN, women upload photos of men (readily found online on social media apps), and the app then runs a background check on the men, including searching public sex offender databases by performing a reverse image search. It also verifies whether the picture has been flagged as catfishing. Further, the app includes the feature "Tea Party Group Chat," which allows women to directly share information about and their experiences with the men. The group chat also has a ratings function, allowing the users to award a "red flag" or a "green flag."
However, the inclusion of men’s names and other information on the app have raised questions about its legality. Per Elliot Williams, former deputy assistant attorney general at the Justice Department and a legal analyst at CNN, the Tea app's "biggest problems" were "not legal."
Tea app's data breach controversy explained
According to the Tea app's Instagram post, in addition to accessing their archived data system, an additional 59,000 images that were publicly viewable on the app had also been accessed. This included messages. The statement continued:
"This data was stored to meet law enforcement standards around cyberbullying."
Per the company, they were working with cybersecurity experts to address the issue.
Notably, the news of the data breach came just a day after the app claimed to have gained a million new users. The application found itself atop Apple's App Store earlier this week after hordes of new users signed up to the app.
The security lapse was first reported by 404 Media. Per the outlet, a hacker posted a download link to the data on 4Chan, an image-based message board notorious for its lenient censorship and moderation policies.
According to AInvest, the breach has been attributed to "vibe coding." The outlet described it as a practice of developers using AI tools like ChatGPT to generate code without a thorough security review. Notably, in the case of the Tea app, the original hacker reportedly noted that the company's "Firebase bucket" had been "configured" to be "publicly accessible."
While the post has since been taken down, the data (including IDs) has found its way on other social media apps like X and decentralized platforms like BitTorrent.
Further, according to Live Mint, an anonymous user has allegedly created Google Map links displaying coordinates of affected users (this excludes their names and addresses).
Per the outlet, the rise of the Tea app's popularity has been met with backlash from men, including calling for coordinated hacking efforts on 4Chan just a day before the leak. Some have even taken to creating similar men-only apps. Notably, the App Store took down an app called Teaborn after its creator was accused of facilitating revenge p*rn, according to Live Mint.
Despite the breach, the Tea app currently has about 900,000 waiting to join.
A note about legal questions surrounding the Tea app
Per CNN's Elliot Williams, the legal questions surrounding the Tea app mainly concern privacy violations, defamation, and the potential of "criminal exposure related to online behavior."
Posting pictures of men without their consent violates their privacy rights. However, these photos are taken from social media and dating apps where they have been voluntarily posted. Per Williams, when sharing a picture on sites like Instagram, the user retains rights to it (owns it), but they grant the platform (Instagram, in this case) the right to distribute and display it. Williams elaborated:
"It becomes harder to make a privacy rights argument when one has waived those very rights to the photo in another context."
According to Cornell's Legal Information Institute, for a defamation suit to hold true, it must show:
- False statements presented as facts (not opinions)
- Publication or communication of that fact to a third party
- The person presenting the fact must act in negligence (this includes being aware that it is false, omissions, and knowingly cause harm)
- Cause some harm (either to reputation or financial)
While anything posted on the app is public, the nature of the statement (an individual expressing her opinion) might not satisfy claims of defamation. That is, unless she was knowingly fabricating information.
Quoting attorney William Barnwell, Fox2Detroit.com wrote:
"Truth is an absolute defence for a defamation claim; you can’t just sue someone because your feelings are hurt."
However, Barnwell cautioned users to be careful. He explained that they could be saying "something that is true," but if it's used to "constantly harass" someone, they could land in legal trouble.'
Moreover, Elliot Williams, citing Section 230 of the Communications Decency Act, noted that the Tea app itself is protected from being liable for the content posted on the platform. In the case of the users, establishing criminal intent might be tricky because they could argue their aim was to protect other women and not harm someone.
While many continue to question the need for the Tea app, it is also worth noting that First Post, citing a 2019 ProPublica report by Columbia Journalism Investigations, relayed that one-third of the 1,200 women they interviewed were s*xually assaulted by men they met on dating apps.
TOPICS: Tea App