Tea, a provocative dating app designed to let women anonymously ask or warn each other about men they’d encountered, rocketed to the top spot on the U.S. Apple App Store this week. On Friday, the company behind the app confirmed it had been hacked: Thousands of images, including selfies, were leaked online.

“We have engaged third-party cybersecurity experts and are working around the clock to secure our systems,” San Francisco-based Tea Dating Advice Inc. said in a statement.

The app and the breach highlight the fraught nature of seeking romance in the age of social media.

Here’s what to know:

Tea was meant to help women date safely

Tea founder Sean Cook, a software engineer who previously worked at Salesforce and Shutterfly, says on the app’s website that he founded the company in 2022 after witnessing his own mother’s “terrifying’’ experiences. Cook said they included unknowingly dating men with criminal records and being ”catfished’’ — deceived by men using false identities.

Tea markets itself as a safe way for women to anonymously vet men they might meet on dating apps such as Tinder or Bumble — ensuring that the men are who they say they are, not criminals and not already married or in a relationship. It’s been compared to the Yelp of dating.

In an Apple Store review, one woman wrote that she used a Tea search to investigate a man she’d begun talking to and discovered “over 20 red flags, including serious allegations like assault and recording women without their consent.’' She said she cut off communication. ”I can’t imagine how things could’ve gone had I not known,” she wrote.

A surge in social media attention over the past week pushed Tea to the No. 1 spot at the U.S. Apple Store as of July 24, according to Sensor Tower, a research firm. In the seven days from July 17-23, Tea downloads shot up 525% compared to the week before. Tea said in an Instagram post that it had reached 4 million users.

Tea has been criticized for invading men’s privacy

A female columnist for The Times of London newspaper, who signed into the app, on Thursday called Tea a “man-shaming site’’ and complained that ”this is simply vigilante justice, entirely reliant on the scruples of anonymous women. With Tea on the scene, what man would ever dare date a woman again?’'

It’s unclear what legal recourse an aggrieved man might have if he feels he’s been defamed or had his privacy violated on Tea or a similar social media platform. In May, a federal judge in Illinois threw out an invasion-of-privacy lawsuit by a man who’d been criticized by women in the Facebook chat group “Are We Dating the Same Guy,’' Bloomberg Law reported.

The breach exposed thousands of selfies and photo IDs

In its statement, Tea reported that about 72,000 images were leaked online, including 13,000 images of selfies or photo identification that users submitted during account verification. Another 59,000 images that were publicly viewable in the app from posts, comments and direct messages were also accessed, according to the company’s statement.

No email addresses or phone numbers were exposed, the company said, and the breach only affects users who signed up before February 2024. “At this time, there is no evidence to suggest that additional user data was affected. Protecting tea users’ privacy and data is our highest priority,” Tea said.

It said users did not need to change their passwords or delete their accounts. “All data has been secured.’'