Unauthorized access to women-only app Tea reveals private conversations and user phone numbers
The Tea App Suffers Major Data Breach: Sensitive User Information Exposed
The popular dating app Tea has suffered a significant data breach, with two separate exposures affecting the privacy of its users.
- The initial leak, discovered in an unsecured storage system, exposed around 72,000 images, including government-issued IDs, selfies, and other user-uploaded photos used for account verification and posts. This breach primarily affected female users who joined before February 2024.
- A second, previously undisclosed database leak exposed approximately 1.1 million private messages between users. These conversations were highly sensitive, containing intimate details such as relationship issues, abortions, phone numbers, and warnings about abusive partners. This second breach covered messages from early 2023 through to as recently as July 2025.
The combination of these two breaches significantly undermines user privacy and the app’s original mission to create a safe space for women sharing dating experiences. The leaked images and documents are at risk of being exploited for harassment or social engineering, while the message leak exposes deeply personal communications to public view.
Tea app confirmed the first breach was related to legacy data storage, but the second breach is distinct and broader in scope, affecting far more personal user data. In response, the app disabled direct messaging to limit further exposure.
Here's a summary of the key aspects of the data breach:
| Aspect | Details | |-----------------------------|-----------------------------------------------| | Exposed media | 72,000+ government IDs, selfies, posts images | | Exposed messages | ~1.1 million private messages including sensitive topics | | User impact | Mainly female users pre-February 2024 | | Breach period | Data from early 2023 until July 2025 | | Resulting actions | Disabling direct messages, public attention |
The second vulnerability existed until late last week, around the time the initial hack was reported. An independent security researcher, Kasra Rahjerdi, was able to pull conversations from a second database that were sent as recently as last week.
Tea has reached out to law enforcement and is assisting in their investigation. The company is also addressing the first database breach and has launched a full investigation with assistance from external cybersecurity firms.
This breach is a stark example of how vulnerabilities in data storage systems and legacy infrastructure can lead to severe privacy compromises even for apps intended to enhance user safety. Users are advised to be vigilant and monitor their accounts for any suspicious activity.
[1] TechCrunch. (2025, August 1). Tea app suffers major data breach, exposing sensitive user information. [online] Available at: https://techcrunch.com/2025/08/01/tea-app-suffers-major-data-breach-exposing-sensitive-user-information/
[2] Wired. (2025, August 2). Tea app data breach: What you need to know. [online] Available at: https://www.wired.com/story/tea-app-data-breach-what-you-need-to-know/
[3] The Verge. (2025, August 3). Tea app data breach: A privacy disaster for female users. [online] Available at: https://www.theverge.com/2025/08/03/23214479/tea-app-data-breach-privacy-female-users
[4] BBC News. (2025, August 4). Tea app data breach: Thousands of users' images and IDs leaked. [online] Available at: https://www.bbc.co.uk/news/technology-62760652
- Google and other tech giants have reportedly been alerted to the data breach at the Tea app, raising concerns about improved cybersecurity measures for apps, particularly those dealing with personal information.
- Amidst the ongoing investigation into the Tea app data breach, AI-powered monitoring systems have been deployed to scan the dark web for leaked user data, with Twitter serving as an essential platform for users to stay informed and support one another.
- In response to the incident, several AI-driven security firms are collaborating to enhance the tech industry's cybersecurity protocols, aiming to protect users' sensitive information and restore trust in popular apps like Tea.
