Español
The dating safety app Tea, known for its mission to provide a safe space for women to share experiences about past dates, is once again under scrutiny after a second data breach was reported — this time exposing over a million private user messages.
More Than Just Photos Leaked
Just last week, Tea confirmed a data incident that revealed around 72,000 private images, including account verification selfies, government-issued IDs, and user-shared media from posts and messages. Alarmingly, many of these files were reportedly distributed through forums like 4chan.
Now, new information uncovered by independent security researcher Kasra Rahjerdi and reported by 404 Media, shows that the breach went even deeper. Private messages exchanged between users were exposed — some containing sensitive personal details such as phone numbers, discussions around infidelity, and even abortion-related topics.
Breach Timeline and Scope Expands
While the company initially claimed the first breach only affected accounts created before February 2024, Rahjerdi’s research contradicts this. He discovered message logs dating back to early 2023 — all the way up to the previous week — totaling over 1.1 million private messages.
A Growing Security Crisis
Since its launch in 2023, Tea has seen rapid adoption and is currently ranked second in Apple’s App Store among free apps. But this string of security incidents raises serious concerns about the platform’s data protection protocols and incident response maturity.
Why It Matters
For cybersecurity professionals and compliance teams, this case highlights the growing risks surrounding platforms that collect highly sensitive personal data — particularly in sectors like dating, healthcare, or mental health. It also reinforces the importance of:
- Implementing robust encryption and data access controls
- Practicing continuous monitoring and vulnerability assessments
- Ensuring transparency and timely disclosure of security events
- Complying with data privacy laws such as GDPR and CCPA
This incident underscores the need for security by design, especially for applications that operate in trust-based environments. As the use of AI moderation and user-reporting features grows in such platforms, so must the investment in cybersecurity infrastructure and ethical data handling.
