Dating safety app Tea has disabled its direct messaging feature following reports of a secondary, more severe data breach that exposed over 1.1 million private conversations, in addition to the earlier leak of approximately 72,000 images. Security researcher Kasra Rahjerdi accessed the message data – from early 2023 through late July – a dataset that included sensitive discussions around abortion, infidelity, personal phone numbers, and meeting locations.
After Rahjerdi alerted 404 Media, Tea acknowledged through its Instagram statement that some DMs were compromised and announced the immediate takedown of its messaging system “out of an abundance of caution”. This follows the initial breach we reported on just a few days ago, which affected legacy user data and involved 13,000 selfies or ID verification photos plus 59,000 user-posted images.
Tea, which launched in 2023, has grown in popularity among women seeking to anonymously share information about dating risks and red flags. It currently ranks among the top free apps on the U.S. Apple App Store and is estimated to have around 2 million monthly active use. In response to the breaches, Tea says it is notifying affected users and offering complimentary identity protection services. The company has engaged cybersecurity experts and is coordinating with federal authorities, including the FBI, to investigate the incident.
Security experts have criticized Tea for using Firebase storage without sufficient encryption or access protections—especially concerning given the sensitive nature of the platform’s content. Critics argue that the exposure highlights systemic privacy risks for platforms intended to offer safe, anonymous spaces for users to share personal experiences, particularly women raising warnings about potentially dangerous partners.
