Tea app disables DMs after 1.1M private messages exposed in major security flaw

Tea, the women’s viral dating safety app, has disabled its direct messages after a massive security flaw exposed over 1.1 million private chats.

The decision came after 404 Media revealed a staggering new breach involving Tea’s DM system. The leak included deeply sensitive conversations where users shared details about abortions, cheating partners, and phone numbers, often with real names attached.

Independent researcher Kasra Rahjerdi discovered and flagged the issue, sharing a verified cache of exposed DMs with 404 Media. The flaw allowed unauthorized access to private conversations on the platform.

In response, Tea disabled DMs and said it would notify affected users and offer free identity protection.

“To address the issue and out of an abundance of caution, we have taken the affected system offline altogether,” the company said in a statement.

Tea app suffers another major breach

This is the second major breach to hit the app in just two weeks.

Earlier in July, 4chan users discovered that Tea was storing personal data, including ID verification photos, on an unsecured public server. That flaw allowed anyone to download the information without a password, prompting users to scrape the entire dataset before it could be locked down.

Tea later confirmed that 72,000 images were exposed, including 13,000 selfies and photo IDs submitted during signup, and another 59,000 photos from user-generated content.

The company now says the leaked messages are part of that initial breach, further compounding user concerns about the platform’s data security.

Tea, founded in 2023, had exploded in popularity by allowing women to anonymously review and share information about men they’ve dated. The app climbed App Store charts quickly, but it now faces major trust issues.

Many of the exposed messages are intensely personal and involve accusations, relationship revelations, and even life-altering confessions. Some messages reportedly identify users or the men being discussed by name, raising serious privacy and defamation concerns.

Tea says it’s continuing its investigation and has seen “no evidence of access to other parts of our environment.” But for users, the damage may already be done.

Content shared from www.dexerto.com.
