At 6:44 AM PST on 7/25, we identified unauthorized access to our systems and immediately launched a full investigation with assistance from external cybersecurity experts to understand the scope and impact of the incident. Here’s what we know at this time:
A legacy data storage system was compromised, resulting in unauthorized access to a dataset from prior to February 2024. This dataset includes approximately 72,000 images, including approximately 13,000 selfies and photo identification submitted by users during account verification and approximately 59,000 images publicly viewable in the app from posts, comments and direct messages.
No email addresses or phone numbers were accessed. Only users who signed up before February 2024 were affected.
This information was stored in accordance with law enforcement requirements related to cyber-bullying investigations.
We are working around the clock with internal security teams and third-party experts to secure our systems. We are currently working to determine the full nature and scope of information involved in the incident.
We will continue to share updates as more information becomes available. In the meantime, if you have questions or concerns, please contact our support team at support@teaforwomen.com.
Your data privacy is of the utmost importance to us. We are taking all necessary measures to strengthen our security posture and ensure that no further data is exposed. Thank you for your trust—and for your patience as we address this with the urgency it deserves
.
When did the incident occur?
We can confirm that at 6:44 AM PST on Friday, July 25th, Tea identified unauthorized access to one of our systems. In response, we immediately launched a full investigation with assistance from external cybersecurity experts to assess the scope and impact.
What is the data that was accessed?
Preliminary findings indicate that the incident involved a legacy data storage system containing information from prior to February 2024. Approximately 72,000 images - including approximately 13,000 images of selfies or selfies featuring a photo identification submitted during account verification and 59,000 images publicly viewable in the app from posts, comments and direct messages - were accessed without authorization. We are currently working to determine the full nature and scope of information involved in the incident.
Do I need to delete my account?
No, however if users would like to delete their account, those service functions remain available through the application. If you would like to rescind your application, please reach out to accounthelp@teaforwomen.com with the subject - "Remove my Account" and please include the following information - your city/state, date of birth, and any information you remember about your username.
What is Tea doing right now to protect users?
We have engaged third-party cybersecurity experts and are working around the clock to secure our systems. At this time, we have implemented additional security measures and have fixed the data issue. We are currently working to determine the full nature and scope of information involved in the incident. Protecting our users’ privacy and data is our highest priority. We are taking every necessary step to ensure the security of our platform and prevent further exposure.
I thought the selfies were deleted?
This data was originally archived in compliance with law enforcement requirements related to cyber-bullying prevention. At this time, we have no evidence to suggest that photos can be linked to specific users within the app.
How can I contact Tea?
Protecting our users’ privacy and data is our highest priority. We are taking every necessary step to ensure the security of our platform and prevent further exposure.We are committed to transparency and will provide updates as more information becomes available. In the meantime, members of the public with questions are encouraged to contact our support team at support@teaforwomen.com.
How did the cybersecurity incident happen?
During our early stages of development some legacy content was not migrated into our new fortified system. An unauthorized actor accessed our identifier link where data was stored before February 24, 2024. As we grew our community, we migrated to a more robust and secure solution which has rendered that any new users from February 2024 until now were not connected to the images involved in this incident.
What personal information was shared?
Approximately 72,000 images — including approximately 13,000 images of selfies or selfies featuring a photo identification submitted during account verification and 59,000 images publicly viewable in the app from posts, comments, and direct messages - were accessed without authorization. We are currently working to determine the full nature and scope of the incident.
Why did you require IDs prior to end of 2023?
During our early stages of development, we required selfies and IDs as an added layer of safety to ensure that only women were signing up for the app. In 2023, we removed the ID requirement.
.png)