ConsentKeys to Tea App: A $50M Breach Could Have Been Avoided With Zero-Data Authentication

Kris, July 31, 2025

Vancouver, BC – July 30, 2025 — As the Tea app reels from a devastating data breach and mounting lawsuits, ConsentKeys, the zero-data identity provider, warns companies: “You can’t leak what you never collect.” With over 70,000 personal images and thousands of private messages exposed, the breach underscores a costly truth: privacy cannot be patched after the fact.

The Breach

In late July, security researchers discovered that Tea, an app marketed as a safe space for women to share red flags in dating, left a Firebase database exposed — allegedly containing:

  • 13,000 government IDs and verification selfies
  • 72,000+ message and post images
  • Private direct messages, now confirmed breached in a second incident

Tea took its messaging platform offline and admitted the leak impacted users who joined before February 2024. The content was so sensitive that security experts described it as “a stalker’s dream dataset.”

Legal Exposure: A $50M Wake-Up Call

Two federal class-action lawsuits have been filed in Northern California, citing negligence, breach of contract, and privacy violations.

ConsentKeys estimates the financial fallout at between $10 million and $50 million USD, based on precedent:

  • Snapchat’s 2019 settlement over data collection: $35 million

  • Equifax breach (2017): $425 million

  • Ashley Madison breach (2015): $11.2 million class-action settlement for a user base of similar size

In addition to damages, Tea faces compliance risks under GDPR and CCPA, both of which allow fines of up to 4% of global revenue for failure to safeguard personal data.

Erosion of Trust

Tea’s entire value proposition was user safety and anonymity. The breach not only violated user privacy—it destroyed public trust.

“Tea built a vault but left the keys in the door,” said Kris Constable, Founder of ConsentKeys.

“ConsentKeys ensures there’s nothing to steal in the first place.”

Users across social platforms have expressed outrage and fear. Many say they no longer feel safe sharing sensitive experiences online—and they’re right.

The ConsentKeys Solution: No Data, No Risk

Had Tea implemented ConsentKeys, the entire class action could have been avoided. ConsentKeys replaces traditional user onboarding with pseudonymous authentication:

  • No names, photos, or IDs stored

  • No metadata linking users to posts or messages

  • No centralized user database to breach

By design, ConsentKeys gives every app a compliance-first, breach-resistant foundation. Unlike traditional authentication systems that accumulate and expose risk, ConsentKeys aligns with GDPR and CCPA requirements by minimizing data collection at the root.

Side-by-Side Comparison

| | Tea (Legacy Model) | With ConsentKeys |
|---|---|---|
| Data Stored | Real names, selfies, IDs | Anonymous aliases only |
| Breach Liability | Lawsuits, GDPR/CCPA fines | No actionable PII to expose |
| User Trust | Destroyed | Strengthened through privacy-by-design |
| Regulatory Compliance | In violation | Aligned with GDPR/CCPA principles |

About ConsentKeys

ConsentKeys is a next-generation identity and authentication platform built for the age of surveillance and breach fatigue. By issuing pseudonymous logins per app, ConsentKeys eliminates the need for companies to store real user data — removing risk, reducing legal exposure, and simplifying compliance with global privacy laws.

Whether you’re a startup or a scaling SaaS company, ConsentKeys ensures your users stay private — and your business stays protected.

Learn more: consentkeys.com

Media Contact:

Kris Constable

Founder & CEO, ConsentKeys

press@consentkeys.com