• The Tea app was hit with a data breach that exposed 72,000 images, including selfies and IDs.
• The app said the breach involved a legacy data system with information from over two years ago.
• Tea, which lets women share anonymous dating advice and reviews, hit the top spot in the App Store.

Tea, the anonymous dating advice app for women that has the internet buzzing, is in hot water after a data breach.

Thousands of images of women, including selfies and photos of IDs that were used to verify their identity to join the app, were exposed because of the breach.

"We can confirm that at 6:44 AM PST on Friday, July 25th, Tea identified unauthorized access to one of our systems and immediately launched a full investigation to assess the scope and impact," a spokesperson for Tea told Business Insider in a statement.

"Preliminary findings indicate that the incident involved a legacy data storage system containing information from over two years ago," the spokesperson said.

The Tea app allows women to post a "man" (including his name, estimated age, location, and photos) with the option to add commentary. Users can also react to posts with green or red flags. Some users post photos of men asking for "tea" — gossip — about them. Others share posts seeking advice. The app does not allow screenshots.

The breach included about 72,000 images — about 13,000 of which were either selfies or photo identification "submitted during account verification," the company said. Another 59,000 images from within the app, as well as comments and direct messages, "were accessed without authorization."

404 Media, which found that the data had been posted to 4chan, first reported the breach on Friday morning,

Tea said it is working with "third-party cybersecurity experts" after the breach and does not believe "current or additional user data was affected."

Meanwhile, in the Tea app, an administrative account "TaraTeaAdmin" informed users about the breach in a post, which now has hundreds of comments on it.

The Tea app has seen an influx of new users and hit No. 1 on the US Apple App Store this week. On Friday, the company posted an Instagram story stating that more than 2 million new users have requested to join the app.

Privacy concerns had already been a topic of discussion amid Tea's virality — but mostly concerning the privacy of the men posted to the app. Now, those concerns are going both ways.

• Researchers say they uncovered a massive data leak exposing 16 billion login credentials.
• The leak involves logins for platforms like Apple, Gmail, and Facebook, posing security risks.
• Companies advise using two-step authentication and passkeys to protect your accounts.

Researchers say they've uncovered one of the largest data leaks in history that involves many popular platforms.

The leak includes nearly 16 billion login credentials that could give cybercriminals access to social media and business platforms such as Apple, Gmail, Telegram, Facebook, GitHub, and more, researchers at Cybernews said this week.

Bad actors now have "unprecedented access to personal credentials that can be used for account takeover, identity theft, and highly targeted phishing," the researchers said.

The number of exposed people or accounts is unknown. The researchers said the data likely comes from malicious software known as infostealers.

"What's especially concerning is the structure and recency of these datasets — these aren't just old breaches being recycled. This is fresh, weaponizable intelligence at scale," the researchers said.

Cybernews said researchers uncovered the leak when the datasets were exposed for a short period of time.

It follows the May discovery of a database containing more than 184 million credentials, including Apple, Facebook, and Google logins, Wired earlier reported.

If you're nervous that your logins are at risk, there are steps you can take to make your account safer.

How to protect yourself

You can't unring the bell of an information leak. However, you can take steps to identify if your credentials have been involved in any data breaches and protect yourself in the future.

You can check sites like Have I Been Pwned to see if your email has appeared in a data breach.

Turning on two-step authentication for your accounts can also help protect them from unauthorized access.

Platforms also offer resources to help users secure their accounts.

Google encourages users to use protections that don't require a password, like a passkey. It's one of the tech giants, along with Apple, Amazon, and Microsoft, that have been working to move users away from passwords to help secure their accounts.

For those who prefer to stick with passwords, Google's password manager can store login credentials and notify users if they appear in a breach, a spokesperson told Business Insider.

There's also Google's dark web report, a free tool that tracks whether personal information is floating around in online databases.

GitHub, an online coding platform, offers developers a guide on how to implement safety measures in their organizations. The site recommends creating a security policy, having strict password guidelines, and requiring two-factor authorization.

The data leak included logs — "often with tokens, cookies, and metadata," which makes it "particularly dangerous for organizations lacking multi-factor authentication or credential hygiene practices," the Cybernews team said.

Meta offers a Privacy Checkup tool for users to review their privacy and security account settings. There, you can turn on two-factor authentication and ensure Meta alerts you of unusual logins.

Meanwhile, Telegram said its primary login method sends a one-time password to users over SMS.

"As a result, this is far less relevant for Telegram users compared to other platforms where the password is always the same," a Telegram spokesperson told BI about the data leak.

Apple, GitHub, and Meta did immediately respond to a request for comment on the data leak. Google said it was directing users to some of the security resources above.