The women-only dating safety app Tea has taken its direct messaging system offline after a second and far more sensitive data leak emerged, compounding a weekend breach that already exposed tens of thousands of user images. The company, which serves more than 4.6 million women claiming to offer a “secure, anonymous platform” for vetting potential dates, confirmed the latest intrusion in a public update as it scrambles to contain fallout with outside cyber experts and the FBI.
Two-stage breach exposed verified ID images first, then private conversations
The initial incident was detected early on July 25, when Tea identified “unauthorized access” to a legacy data storage system. That breach exposed a dataset of information from before February 2024. According to the company, the compromised content included roughly 72,000 images—about 13,000 selfies and photo IDs submitted during identity verification—and approximately 59,000 images publicly visible in the app via posts, comments and direct messages. Tea said no email addresses or phone numbers were accessed, and only accounts created before February 2024 were affected.
Shortly afterward, reporting by 404 Media revealed a second, deeper leak. Independent researchers told the outlet that threat actors had accessed a separate database containing more than 1.1 million private messages between users. Those messages included discussions of highly sensitive personal topics such as abortions, cheating partners, phone numbers exchanged privately, and other intimate disclosures. Claims surfaced on 4chan that an exposed Firebase-hosted database belonging to Tea was discovered, providing the initial lead on the second data exposure.
Tea’s response: messaging offline, investigation ongoing, identity protection promised
In a three-part Instagram post from the account teapartygirls, Tea acknowledged that some direct messages had been accessed as part of the initial incident and, “out of an abundance of caution,” had taken the affected system offline.
“At this time, we have found no evidence of access to other parts of our environment,” the company said, pledging to keep users informed quickly.
“Please know that our team remains fully engaged in strengthening the Tea App’s security.”
Tea also said it is working to identify any users whose personal information was involved and will offer free identity protection services to those individuals.
The company confirmed it has launched a full investigation with external cybersecurity experts and notified the FBI, indicating a multi-pronged incident response effort is underway.
Exposure amplifies privacy and reputational risk for a platform built on trust
The combination of verification data (selfies and photo identification) and deeply personal, private conversations represents a significant breach of user trust and privacy. Tea markets itself as a place where women can safely vet dates and flag suspicious individuals; the leaks turn that promise on its head by exposing the very content users relied on for safety.
The company framed its response within its broader mission, noting that despite the seriousness of the incident, the app remains vital to its stated goal to “empower, support, and amplify the voices of women navigating the modern dating world.”
Ongoing containment and next steps
Tea has added a public incident update on its website and is publicly appealing for cooperation from infrastructure providers if needed, though it has not publicly detailed the forensic findings beyond access scope. No timeline has been given for restoring direct messaging, nor has the company released technical specifics about how the second database was accessed.
Users impacted by the leak are left in a precarious position: private conversations containing sensitive context, and potentially identifying verification data, could be weaponized for doxxing, blackmail, social engineering, or other abuses if released more broadly. The threat landscape includes not only potential public exposure but also downstream misuse of intimate content.
Tea’s dual disclosure—first about image data, then about private messages—illustrates how multi-layered incidents evolve and why monitoring and rapid containment across interconnected systems is increasingly critical in platforms handling sensitive personal disclosures.
