In what cybersecurity experts are calling a “significant privacy catastrophe,” popular dating platform Tea has confirmed a major data breach affecting tens of thousands of users worldwide. The breach, discovered late last week, has exposed sensitive personal information including location data, sexual preferences, and private conversations.
The Toronto-based dating app, which launched in 2020 and quickly gained popularity for its emphasis on personality matching rather than appearance-based swiping, has seen its database compromised by what appears to be a sophisticated hacking operation. According to preliminary investigations, approximately 80,000 user profiles have been affected across North America and Europe.
“We detected unauthorized access to our user database on Thursday evening and immediately implemented emergency protocols,” said Tea CEO Melissa Chen in a statement released Sunday. “Our team is working around the clock with cybersecurity experts to secure the platform and determine the full extent of the breach.”
The compromised data reportedly includes users’ names, email addresses, dating preferences, conversation histories, and in some cases, connection to other social media accounts. Particularly concerning is the exposure of precise geolocation data that could potentially be used to track individuals’ movements and routines.
The CO24 Business team has learned that several darkweb forums are already advertising the stolen data for sale, with asking prices ranging from $15,000 to $50,000 for the complete database. Cybersecurity firm DigitalGuardian has verified the authenticity of sample data being circulated.
“Dating app breaches are particularly damaging because they contain such intimate details about people’s lives,” explained Dr. Anika Sharma, cybersecurity professor at the University of Toronto. “This information can be weaponized for blackmail, identity theft, or stalking. Users should be extremely vigilant in the coming weeks.”
Tea has notified relevant data protection authorities in Canada, the United States, and the European Union. Under the European GDPR regulations, the company could face fines of up to 4% of its global annual revenue if found to have inadequate security measures.
For affected users, the company has begun sending detailed notifications with specific instructions on securing their accounts. Tea recommends immediate password changes not only on their platform but across all online services, especially where similar credentials may have been used. They have also temporarily disabled location tracking features and implemented additional authentication measures.
This incident follows a troubling pattern of data breaches targeting dating applications. Last year, another popular platform suffered a similar attack affecting over 100,000 users, highlighting the valuable nature of intimate personal data in underground markets.
Privacy advocates are pointing to this breach as further evidence of the need for stronger data protection regulations in Canada. The Office of the Privacy Commissioner of Canada has confirmed it is investigating the incident but declined to provide specific details about potential enforcement actions.
As online dating continues to become the norm rather than the exception, the question remains: at what point will these platforms prioritize user security over growth and feature development? With millions entrusting their most personal details to these services, the stakes have never been higher.
