Tea app disables DMs after 1.1M private messages exposed in major security flaw

Tea, the women’s viral dating safety app, has disabled its direct messages after a massive security flaw exposed over 1.1 million private chats.

The decision came after404 Mediarevealed a staggering new breach involving Tea’s DM system. The leak included deeply sensitive conversations where users shared details about abortions, cheating partners, and phone numbers, often with real names attached.

Tea app logo on green background

Independent researcher Kasra Rahjerdi discovered and flagged the issue, sharing a verified cache of exposed DMs with 404 Media. The flaw allowed unauthorized access to private conversations on the platform.

In response, Teadisabled DMsand said it would notify affected users and offer free identity protection.

hacker and dababel app

“To address the issue and out of an abundance of caution, we have taken the affected system offline altogether,” the company said in a statement.

Tea app suffers another major breach

This is the second major breach to hit the app in just two weeks.

Earlier in July, 4chan users had discovered Tea was storing personal data, including ID verification photos, in an unsecured public server. That flaw allowed anyone to download the information without a password, prompting users to scrape the entire dataset before it could be locked down.

TeaOnHerLogo

Tea later confirmed that 72,000 images were exposed, including 13,000 selfies and photo IDs submitted during signup, and another 59,000 photos from user-generated content.

A post shared by Tea – Dating Safety App for Women (@theteapartygirls)

Bunny in The First Descendant

The company now says the leaked messages are part of that initial breach, further compounding user concerns about the platform’s data security.

Tea, founded in 2023, had exploded in popularity by allowing women to anonymously review and share information about men they’vedated. The app climbed App Store charts quickly, but it now faces major trust issues.

The Tea dating app logo against a judge’s gavel.

TeaOnHer suffers massive data breach with drivers licenses and DMs leaked

First Descendant devs respond amid accusations of using fake AI streamers in ads

Tea app sued for millions in class-action lawsuit after massive data breach

Many of the exposed messages are intensely personal and involve accusations, relationship revelations, and even life-altering confessions. Some messages reportedly identify users or the men being discussed by name, raising serious privacy and defamation concerns.

Tea says it’s continuing its investigation and has seen “no evidence of access to other parts of our environment.” But for users, the damage may already be done.