Tea, a dating safety app designed for women to share experiences about men they’ve dated, has temporarily disabled its direct messaging (DM) feature following a second major data breach. The new incident reportedly exposed more than 1.1 million private messages, including highly sensitive conversations.
Last week, the platform suffered its first breach, leaking over 72,000 images used for account verification including selfies and photo IDs, which later surfaced on online forums like 4chan. At the time, Tea claimed that only accounts created before February 2024 were affected.
However, independent security researcher Kasra Rahjerdi told 404 Media that the second issue revealed conversations dating from early 2023 up to last week. These included exchanges where users disclosed phone numbers and discussed topics like abortions and infidelity.
In response, Tea posted an Instagram update on Tuesday confirming that its DM feature has been taken offline “out of an abundance of caution.” While the company hasn’t publicly confirmed a second breach, the timing of the announcement appears linked to Rahjerdi’s findings.
Launched in 2023, Tea quickly gained traction and now sits at No. 2 on the Apple App Store’s top free apps list. Analytics firm Sensor Tower estimates that the app has around 2 million monthly active users.
Tea App Hacked: What happened when
July 25, 2025:
Tea identifies a major breach in its legacy Firebase storage system, exposing approximately 72,000 user-uploaded images, including around 13,000 verification selfies and ID photos, plus about 59,000 images from posts, comments, and DMs.
Reports indicate this misconfigured database was publicly accessible and led to widespread data exposure.
July 26–27, 2025:
Initial breach emerges highlighting the leak of sensitive images, though Tea claims users who joined after February 2024 were not affected.
July 28, 2025:
Media reports a second breach: over 1.1 million direct messages (from early 2023 through the present) were exposed. These include conversations about abortions, cheating, phone numbers, and unmasked identities.
July 29, 2025
Tea announces on Instagram and other channels that it has disabled its direct messaging system "out of an abundance of caution" after confirming DMs were accessed. It also begins notifying affected users and offers free identity protection services. The FBI and external cybersecurity firms are reportedly involved in the investigation.
Discover the latest Business News, Sensex, and Nifty updates. Obtain Personal Finance insights, tax queries, and expert opinions on Moneycontrol or download the Moneycontrol App to stay updated!
Find the best of Al News in one place, specially curated for you every weekend.
Stay on top of the latest tech trends and biggest startup news.
