- A second data breach at Tea app exposed over 1.1 million private user messages online
- Approximately 72,000 images, including user photos and IDs, were also compromised
- Exposed messages included sensitive topics like cheating, abortion, and phone numbers
The data breach at Tea, the viral app that allows women to share "red flags" or feedback about men they have dated, was bigger than initially reported. Last week, the app acknowledged that it had experienced a data breach of about 72,000 images, including users' photos and IDs. Now, it is being reported that more than 1.1 million private messages between users have also been exposed online. These messages included highly personal conversations where women discussed issues like cheating partners, abortions and even shared phone numbers to take conversations off the platform.
Security researcher Kasra Rahjerdi discovered the latest breach and shared his findings with 404 Media. He revealed that the exposed chats date back to early 2023 and go up to as recent as last week. Mr Rahjerdi told Business Insider that he accessed Tea's app data using an app development platform called Firebase. This led to the discovery of the messages database.
Mr Rahjerdi said he was able to access more than 1.1 million private messages between Tea's users, including "intimate" conversations about topics such as divorce, abortion, cheating, and rape. Some chats included details such as phone numbers and locations to meet up, he said.
This has raised concerns about the safety of users, especially since these private conversations were assumed to be protected. A Tea spokesperson also confirmed the latest breach, saying the company "recently learned that some direct messages (DMs) were accessed as part of the initial incident".
"Out of an abundance of caution, we have taken the affected system offline," the spokesperson said.
"We are working to identify any users whose personal information was involved and will be offering free identity protection services to those individuals," the Tea spokesperson told Business Insider.
The company also informed its users on Monday that DMs were accessed in the breach, adding that the app's DM feature was "temporarily unavailable".
An investigation involving external cybersecurity experts and the FBI is ongoing, the company stated.
Also Read | Flight Scare In US As Boeing 787 Declares "Mayday" Soon After Takeoff
Notably, the latest breach comes days after it was reported that a data breach at Tea exposed thousands of user-submitted images online. Around 72,000 images were compromised in the breach. Of these, around 13,000 were selfies or verification images, including photo identification submitted during account setup, a Tea spokesperson said. An additional 59,000 images, publicly visible within the app's ecosystem, including posts, comments and direct messages, were also accessed without permission, they added.
"Tea has engaged third-party cybersecurity experts and are working around the clock to secure its systems. At this time, there is no evidence to suggest that additional user data was affected," the company said in a statement.
Tea is a women-exclusive platform based in the US, allowing users to discuss their dating experiences anonymously. On Tea's website, it says it has a "community of over 4,647,000 women".
