The dating safety app Tea has suspended its direct messaging feature following a catastrophic second security breach that exposed over 1.1 million private user conversations. The incident, confirmed this Tuesday, follows a previous leak that compromised 72,000 sensitive images, including selfies and government-issued IDs used for account verification.
A Second Wave of Data Exposure
The extent of the security failure was brought to light by 404 Media, following a tip from security researcher Kasra Rahjerdi. The exposed data includes highly sensitive personal communications, ranging from shared phone numbers to private discussions regarding abortions and infidelity.
While Tea’s initial response to the first breach claimed the issue was limited to users who registered before February 2024, Rahjerdi’s investigation uncovered a much broader timeline. The compromised data spans from early 2023 through the most recent week, involving more than 1.1 million distinct messages.
Platform Response and Security Measures
In a direct response to the mounting security concerns, the company announced on Instagram that it has temporarily taken its messaging system offline. Management described the move as a measure taken “out of an abundance of caution” to protect user privacy following the second incident.
The platform, which allows women to share information about men they have dated, has faced intense scrutiny regarding its data handling practices. The initial breach saw sensitive verification imagery leaked onto 4chan, highlighting severe vulnerabilities in the app’s backend security.
Rapid Growth vs. System Integrity
Launched in 2023, Tea has experienced explosive growth, currently holding the No. 2 spot on the Apple App Store’s top free apps chart. Data from Sensor Tower estimates that the platform now serves approximately 2 million monthly active users.
Despite this surge in popularity, the back-to-back security failures have raised urgent questions about the safety of the sensitive information entrusted to the app by its growing user base. The company has since issued an official statement addressing the initial incident, though the full scope of the second breach remains under heavy investigation.