The women’s dating safety app, Tea, has allegedly suffered a second, more severe data breach, exposing highly sensitive private messages between its users. Tea, which boasts over 1.6 million users and recently topped app store charts, is designed as a space for women to confidentially share information about men to enhance their safety. This new incident follows a breach reported just last week that exposed user selfies and ID photos. This latest exposure, however, is far more alarming as it allegedly involves recent, private conversations, directly contradicting the company’s initial claims that only legacy data was affected.
An independent security researcher discovered the vulnerability, which reportedly allowed access to a database containing over a million user messages from early 2023 until as recently as last week. The exposed communications are of an extremely sensitive nature, potentially putting users at significant risk of blackmail, harassment, or real-world harm. While the app encourages anonymous usernames, the content of the messages often contained personally identifiable information that could easily unmask the users. The allegedly leaked data includes:
- Private messages between users discovering they were dating the same person.
- Discussions between women about their abortions.
- Conversations where users shared phone numbers and other contact details.
- Chats where women identified cheating partners.
This second security failure compounds the fallout from the first breach, where user selfies and driver’s license photos were leaked from an exposed database. That data was maliciously used to create a website that pitted users’ photos against each other in a “hot or not” style ranking. In response to this latest incident, a spokesperson for Tea stated they are working to contain the situation, have launched a full investigation with external cybersecurity firms, and have contacted law enforcement.
