The US app Tea, which allows women to share opinions, red flags and personal experiences with men they have dated, has been the subject of a major hacker attack, in which around 72,000 images were leaked, including 13,000 ID photos.

The hackers gained access to an old photo repository used before February 2023. The leaked images include selfies and photos of IDs used to verify Tea profiles. The rest of the photos are from publicly available posts, comments and messages on the app.

Tea stresses that no email addresses or phone numbers were compromised.

The app, which advertises itself as a “sisterhood of 1.6 million women”, quickly gained popularity with its promise to help users protect themselves from “toxic or dangerous men” by anonymously sharing experiences with other women. It became the top free Lifestyle app on the App Store this week after going viral on social media.

But the security breach has raised serious concerns. Photos of ID cards and driver’s licenses stolen from Tea were posted on 4Chan, a forum known for its toxic culture, incel content and misinformation, users reported on Reddit and other sites.

“Linking usernames to real names and addresses exposes women to serious risks, from stalking and online harassment to identity theft,” said Trey Ford, a cybersecurity expert at Bugcrowd.

“Theft of personal information is just the tip of the iceberg,” he warned.

The Tea app has already come under fire for privacy concerns, with many of the “reviews” from men containing photos, names and other personal information, leaving users vulnerable to both technical breaches and malicious use. | BGNES, AFP