San Francisco: Tea App, promoted as a “safe space for women”, has suffered a second major data breach, this time exposing more than 1.1 million private user conversations.
According to a report by 404 Media, cybersecurity researcher Kasra Rahjerdi discovered the breach after finding a vulnerability in the app’s internal API. The flaw allowed access to a massive archive of messages dating from early 2023 up to last week.
The leaked data includes deeply personal content such as discussions about cheating partners, abortions, and shared contact details—information users believed would remain private.
The situation is particularly troubling given Tea’s branding as a women-first platform built to help users “share and verify experiences about men” in a secure environment.
The Tea app encourages anonymous screen names, but many users voluntarily included real names, phone numbers, and social media handles in their chats—putting them at greater risk of being identified.
This latest breach follows an earlier incident in which users’ selfies and government ID photos submitted for verification were leaked online.
Some of those images ended up on platforms like 4chan, where anonymous users misused them in a disturbing “Facemash”-style game ranking women’s appearances.
Tea App claimed the earlier breach was tied to “an outdated storage system,” but this new incident affects the app’s current infrastructure, raising deeper concerns about its ability to safeguard user data.
404 Media confirmed that many of the usernames tied to the exposed chats are still active on the app, signaling that the breach may have remained open for some time. There are fears that other malicious actors could have accessed the data before the vulnerability was discovered.
Among the leaked conversations are reports of women realizing they were dating the same man, using details like car models to confirm suspicions.
Others involve wives discovering their spouses on the app and reaching out to warn other users—exchanges that were meant to be confidential.
In a statement to 404 Media, a Tea spokesperson said:
“We are continuing to work expeditiously to contain the incident and have launched a full investigation with assistance from external cybersecurity firms. We have also reached out to law enforcement and are assisting in their investigation. Since our investigation is in its early stages, we do not have more information we can share at this time.”
Tea claims to have over 1.6 million users and has recently ranked among the most downloaded apps on the App Store. But with two serious breaches in a short span of time, the platform now faces growing questions about whether it can still be trusted to protect its community.
As the investigation continues, users are urged to review their security settings and avoid sharing personally identifiable information in messages on the platform.
Disclaimer: This article is based on publicly available reports and statements. Details may evolve as investigations continue.