Last week, the dating safety app Tea experienced a data breach, exposing 72,000 sensitive images containing selfies and photo IDs for account verification, as well as images from posts and messages. The personal data was reportedly shared by users on 4chan.
As now reported by 404 Media, a second security issue exposed more user data, prompting the app to disable its direct messaging feature on Tuesday afternoon.
Earlier this week, 404 Media received a tip from independent security researcher Kasra Rahjerdi, including messages between users sharing phone numbers and discussing abortions and unfaithful partners.
The app — created to provide a platform for women to exchange information about men they’ve dated — released a statement last week regarding the initial breach, stating that it only affected users who signed up before February 2024. Rahjerdi’s findings revealed messages from early 2023 until up to last week, with more than 1.1 million messages recorded.
Seemingly in response to the report, Tea announced on Instagram that it has temporarily disabled its direct messaging feature. The company stated that “Out of an abundance of caution, we have taken the affected system offline,” likely as a precaution following the second security incident.
Tea, which launched in 2023 but has since gained wide attention, currently ranks No. 2 on the Apple App Store’s top free app chart. According to estimates from Sensor Tower, the app has around 2 million monthly active users as of this month.
This story was updated to include the app’s announcement on Instagram and Sensor Tower estimates.
Techcrunch event
San Francisco
|
October 27-29, 2025
