(Credit: Thomas Fuller/SOPA Images/LightRocket via Getty Images)
The security breach at women's dating safety app Tea has worsened, with a new database of over 1.1 million private messages found exposed.
The exposed data contains messages between users discussing abortions, cheating partners, and even phone numbers they sent to each other. Any hacker could access the chats and even send push notifications, independent researcher Kasra Rahjerdi tells 404Media.
Founded in 2023, Tea allows women to anonymously review and share details about the men they have dated. Intended to alert women about potential red or green flags in their vicinity, the app had surged to the top of App Store ratings recently.
That momentum, however, was quickly derailed by a serious security issue reported by 404 Media last week. Links to Tea's cloud database, which contained user-uploaded images and photo IDs submitted for account verification, were posted on the anonymous online message board 4chan.
(Credit: Tea Dating Advice)Tea confirmed the breach in an official statement, stating that approximately 72,000 images were exposed. It includes 13,000 selfies and photo IDs submitted for verification, as well as 59,000 images from users' posts, comments, and direct messages.
At the time, Tea also claimed that "only users who signed up before February 2024 were affected." That assurance, however, didn't hold up. The second database, flagged to 404Media, had private messages sent as recently as last week.
What makes matters worse is that these chats mentioned social media handles, phone numbers, and real names. A little research could actually reveal the identities of people mentioned, 404Media says.
Following the second leak, Tea has temporarily paused its DMs and confirmed that the exposed messages are also part of the initial breach. The platform has promised to identify affected users and offer them free identity protection services.
"To address the issue and out of an abundance of caution, we have taken the affected system offline altogether," the official statement reads. "At this time, we have found no evidence of access to other parts of our environment."