Mia* was sitting at her desk in Clerkenwell when she heard news that Tea, the controversial women-only app that enables users to vet potential dates, had been hacked.
Similar whisper groups including ‘Are We Dating The Same Guy?’ had exploded in recent years, gaining popularity in cities such as London. Mia regularly found herself checking them before a date. She felt the need to do her due diligence as she’d had too many instances of meeting men who weren’t who they said they were.
So when she read that 72,000 images of female users had been compromised in last week’s cyberattack on the Tea app, she was horrified — not because she doesn’t agree with many of the privacy and ethical concerns surrounding such groups, but because of what the attack meant for women’s wider feelings of safety online.
Indeed, Tea’s was no ordinary data breach: it was a revenge attack, coordinated by the right-wing, anti-women message group 4chan after the app had become the most downloaded free app on the Apple Store the previous week. Its 1.6 million female users were told they’d be able to “run background checks”, “identify potential catfish” and verify that someone was “not a sex offender” before potential dates — an idea that comforted many women, and seemed to anger a certain group of men.
“It’s pretty ironic to think that a platform created to guard its users from dodgy men has now been targeted by... dodgy men,” says Mia, 30, who has been on and off dating apps in London for the last five years. She can think of at least three friends who’ve left the dating apps due to safety issues in recent years, and has had her fair share of horror dating stories over that period: a man who looked nothing like his pictures, another who turned up high on drugs, a third who wouldn’t take no for an answer she turned down his offer to walk her home. “It’s terrifying, to be honest, the thought of all the different things that could go wrong on a date before you even get to the stage of figuring out if you even like one another. Attacks like this only leave me feeling more unsafe than ever.”
It’s pretty ironic to think that a platform created to guard its users from dodgy men has now been targeted by... dodgy men
Mia is not alone in her fear for what this latest hack means for the future of online dating. “It just shows you what we [women] deal with every day of our lives,” TikToker @whosthistia told her followers in one of thousands of reaction videos from mostly-straight women circulating since the data leak.
“It just confirms that idea that women must always be vigilant,” says Martine Davis, 58, a divorcee from St Johns Wood who started her own matchmaking agency after years spent meeting men through apps who weren’t who they said they were.
“It’s horrifying,” says Katja Faber, a former criminal barrister who has been contacted by members of similar whisper groups after her son’s killer Bennet von Vertes was spotted posing on dating apps since his release from jail. It sickened her enough to think that innocent women were ending up on dates with her son’s killer, who is also a convicted rapist. To think that those same women may now have their identities leaked and ridiculed on groups like 4chan, where men have since been rating women’s photos, feels even more bleak.
London cyber behaviour specialist Jemma Davis, 40, says she can understand why the attack was horrifying for many women. “It’s not just about data fears, but emotional fatigue, trust erosion, and general app fatigue,” she says of her own recent decision to leave dating apps after five years of swiping.
It’s not just about data fears, but emotional fatigue, trust erosion, and general app fatigue
Sadly though, this particular attack didn’t surprise her. Yes, it was a perfect storm of weak authentication, sensitive data and emotionally vulnerable users — but the more pressing fact is that it exposes a wider feeling that online dating has never felt more unsafe. “These groups [like Tea] exist because women don’t feel safe on dating apps,” she explains. “But they’re not a solution. They create a new risk without fixing the original one.”
So are whisper groups like Tea just a symptom of a wider safety issue? How do we fix that wider issue, then, if not through crowdsourcing testimonies in secret groups? And is it the responsibility of the government to fix this wider issue — or dating apps themselves?
Realistically, it has to be both, says Simon Newman, CEO of the Online Dating and Discovery Association (ODDA), the recognised trade body for the sector in the UK. As a leader in the cyber-security industry, he regularly meets with the police and the Home Office regarding how to keep serious and violent offenders off dating apps, and says the most frustrating element of the Tea leak was that it was “completely avoidable” and has now distracted from a wider conversation about data security and personal safety when online dating.
The biggest challenge, in his view, is that dating apps don't have access to information about a user's offending behaviour, and are hence limited in what they can do. He, Faber and Davis all agree that the solution to boosting dating app safety is threefold: increased vigilance by individual users; increased protection of those individuals by dating apps; and legislation that gives dating app users more power to find out if a match has a history of violence.
After all, Sean Cook, the Silicon Valley developer behind the Tea app, was not wrong with his warnings that mainstream dating apps do pose unsafe spaces for women. Just look at the case of von Vertes, who was able to brazenly pose on dating apps around Europe under a fake name, or the case of Stephen Matthews, a former US doctor who wasn’t removed from the dating app Hinge until his arrest and conviction in 2024, despite being reported for rape and drink-spiking at least 15 times. “It is shocking that for years after receiving reports of sexual assault, Hinge continued to allow Stephen Matthews access to its platforms,” attorney Laura Wolf said of the case at the time.
Hinge’s owner Match Group (which also owns Tinder, OKCupid and Plenty of Fish) controls half of the world’s online dating market and has repeatedly been accused of choosing profits over safety and failing to protect its users appropriately in cases like Matthews’.
Bumble, where at least one woman claims she saw von Vertes posing under a fake name, has come under similar scrutiny. The app says it reserves the right to investigate members with serious criminal histories, but users are not required to disclose criminal convictions like von Vertes’. “It’s terrifying, the thought that someone on parole for such serious crimes can swipe on apps like this as if he had done nothing,” says Faber.
The former criminal barrister says she is disappointed but not surprised that tech leaders are dragging their feet on the issue, and believes the most effective solutions must come from governments. She points to Australia, which last year introduced a voluntary online dating safety code requiring apps to implement reporting mechanisms for users to share incidents of online harm in order for necessary action to be taken.
Switzerland, the country where Faber’s son was killed, is looking at introducing something similar off the back of the Standard’s podcast about the issue, and she is calling on UK politicians to follow suit — if not go a step further and embed the concept in criminal law, making companies complicit in any wrongdoing by a user of their services. She is meeting with MP Jess Phillips, the current minister for safeguarding, about the issue next month.
Small steps are slowly being taken, says Newman. He would like to be in a position where the sector blocks anyone with a conviction for a sexual or violent offence — but DBS checks on users are expensive, slow and not particularly effective in his experience, and politicians were not interested when he proposed adopting the Australian Online Dating Safety Code in the UK.
He is currently speaking to the Ministry of Justice about another potential avenue: enforcing licensing conditions on offenders released from prison, which would prevent them from accessing dating apps altogether. He says there has also been some appetite for an extension of Clare's Law, which was introduced in 2014 and allows people to ask the police if a partner has a history of violence. Newman wants this to be broadened out to encompass anyone using a dating or social media app. Even then, though, it won’t help in the case of foreign criminals like von Vertes — a “glaring gap” that means that the UK risks undermining its own efforts on dating app safety if it is left unattended-to.
“If I had to pick one issue for the government to deal with it would be this: how to deal with foreign criminals on our apps,” says Newman. He admits that like Faber, he feels frustrated: largely that dating apps don’t have access to the information about violent offenders that would allow them to block access. He recently heard from an app that had been made aware of a profile of a man who’d been convicted for murder in the US (of a woman he met on a date) and was posing on UK dating apps under a fake name.
Newman shared information with his members like Tinder and Hinge — the first time his association has done so — and the man was subsequently blocked from any sites he was on. But it was a drawn-out and manual process. How many other dangerous criminals are out there on the apps that he doesn’t know about?
You can contact the police and ask whether someone you’re dating has a known history of violence or abuse. This is a legal right, yet too few people know it exists
Too many, says Davis, who believes dating apps like Hinge and Bumble should at the very least be educating their users on personal safety. “These platforms already use nudges to encourage people to upgrade or report inappropriate behaviour,” she says. “Why aren’t they pointing people to laws or initiatives that could actually protect them, like Claire’s Law?”
Faber and Newman agree that education is paramount. “If tech companies drag their feet, women must be made aware of the dangers now — these conversations need to happen around the kitchen table, among girlfriends, in families,” says Faber. “We often talk about 'informed consumers' being our goal,” says Newman.
So what can dating app users do to protect themselves, exactly, if they can’t rely on politicians, app owners themselves or whisper groups like Tea? First, remember that Claire’s Law is free and available for anyone in the UK to use, Davis advises. “You can contact the police and ask whether someone you’re dating has a known history of violence or abuse. This is a legal right, and too few people know it exists.”
Other advice Davis gives to clients includes looking for red flags like blurry or filtered photos, doing your own online checks before meeting someone in-person, and only speaking to those with profiles that are verified — a tip that is far from foolproof, but will at least filter out the most obvious scams. Apps like Tea might appear to be helpful, she says, but in truth they are “digital whisper networks with no fact-checking, no verification, and no accountability” — none of which is true safeguarding, even when your data is secure.
Like Faber and Newman, she hopes this week’s Tea app saga will serve as a cautionary tale for the dangers of data privacy — but a turning point, too.
The irony is that an app that promised to “protect women” has left many online daters feeling more unsafe than ever. The small silver lining is that it’s finally exposed the problem it was built to solve.
*Names have been changed to protect identities
