The women’s dating app ‘Tea’ was meant to be a safe space for women to share their experiences and highlight red flags in men. 
However, a massive data leak has thrown the app into controversy, exposing thousands of personal documents and images.
Initially designed to let women spill tea anonymously about men they’ve dated, the app grew in popularity for its unique approach to safety. Unfortunately, the backend storage system, based on Google’s Firebase, was anything but secure. The app’s developers set up public access to storage buckets, meaning sensitive user data was left unprotected and easily accessible to anyone on the internet.
As a result, over 72,000 images, including 13,000 verification documents, were leaked onto platforms like 4chan, X, and Reddit. Some of the leaked photos included personal images of the women who had signed up, further compounding the scandal. The app’s storage mechanism has been dubbed “vibe-coded” by some users, though that term was likely meant as a joke. Regardless of the humorous name, the lack of proper authentication in Firebase was a serious misstep, especially considering the sensitive nature of the data.
While some online commentators have expressed sympathy for the women whose data was compromised, others have sarcastically pointed out the irony of a platform designed to protect women from red flags becoming a red flag itself. As the story continues to unfold, the app’s developers are under fire for their failure to safeguard user privacy, and some suggest legal action should be taken. Regardless of how the situation is handled, one thing is clear: platforms that deal with personal information need to take security more seriously to prevent future breaches.