4chan Clowns Find Open Database of Images From Viral Women’s Dating Safety App ‘Tea’

Emanuel Maiberg and Joseph Cox, reporting for 404 Media:

Users from 4chan claim to have discovered an exposed database hosted on Google’s mobile app development platform, Firebase, belonging to the newly popular women’s dating safety app Tea. Users say they are rifling through peoples’ personal data and selfies uploaded to the app, and then posting that data online, according to screenshots, 4chan posts, and code reviewed by 404 Media. In a statement to 404 Media, Tea confirmed the breach also impacted some direct messages but said that the data is from two years ago.

Tea, which claims to have more than 1.6 million users, reached the top of the App Store charts this week and has tens of thousands of reviews there. The app aims to provide a space for women to exchange information about men in order to stay safe, and verifies that new users are women by asking them to upload a selfie.

Tea jumped to the top spot in the App Store (it’s still at #4 as I type this, trailing only ChatGPT, Netflix, and Amazon Prime Video) and has been getting a lot of coverage this week. A wide open, publicly accessible database of users’ driver’s licenses and self portraits is, to say the least, pretty egregious.

I’m not accusing Tea in particular of being vibe-coded, but I do wonder if this sort of thing is going to become commonplace as more apps and services come online after being developed in slapdash AI-assisted manners.

Saturday, 26 July 2025