TL;DR:
- Tea, a dating safety app, experienced two major data breaches in July 2025.
- Over 1.1 million private messages were exposed, including sensitive discussions and personal details.
- The company has now disabled its direct messaging (DM) feature as a precautionary response.
- The first breach involved 72,000 user images leaked on 4chan, including photo IDs used for verification.
- Tea has over 2 million monthly users, making this a significant data privacy event in the app ecosystem.
A Second Data Breach Unfolds
The dating safety app Tea, which gained popularity for allowing women to share experiences about men they’ve dated, has been hit by a second security incident. According to a report from 404 Media, this breach exposed over 1.1 million private messages. These included conversations revealing phone numbers, personal relationships, and sensitive topics like abortions and infidelity.
The latest breach follows closely on the heels of an earlier leak involving 72,000 images, including selfies and government-issued photo IDs uploaded by users for identity verification. These images were reportedly posted on 4chan, a site frequently associated with leaked and controversial content.
Researcher Tip Triggers Discovery
Independent security researcher Kasra Rahjerdi alerted 404 Media about the vulnerability earlier this week. The dataset included intimate messages from as early as early 2023 up until last week, suggesting that the breach extended beyond the February 2024 cut-off mentioned in Tea’s earlier disclosure.
Rahjerdi’s analysis highlights a troubling timeline: Tea may have been leaking sensitive communications for well over a year, directly contradicting the company’s initial claim that the first incident affected only older accounts.
Company Disables DMs Amid Scrutiny
In response to the second breach, Tea posted on Instagram that it had temporarily disabled its direct messaging system:
“Out of an abundance of caution, we have taken the affected system offline.”
This move indicates the company is attempting to contain the damage and reassess the integrity of its security infrastructure. However, no further details were provided about restoring DMs or long-term plans to protect user privacy going forward.
App Popularity vs. Security Liability
Despite the breaches, Tea remains a highly downloaded app, currently ranking #2 on the Apple App Store’s top free chart. According to Sensor Tower, the app now boasts 2 million monthly active users — a significant audience now concerned about the security of their data.
Launched in 2023, Tea aimed to foster community-driven accountability in dating. Its features allow women to share reviews, warn others, and connect through private conversations. However, the core DM feature has now become a point of failure, placing the company in a precarious trust position.
Broader Implications for Safety Apps
Tea’s breaches could have a chilling effect on safety-first apps and platforms that rely on user-generated reports involving sensitive topics. Experts warn that platforms dealing with personal identities, abuse claims, or relationship disclosures must invest heavily in robust encryption, secure databases, and frequent audits.
Tea’s fallouts may serve as a cautionary tale for founders of social platforms, especially those focused on gender-based safety features. Without airtight data practices, platforms risk undermining the very trust they seek to build.
Tea’s Crisis Management in Question
The company’s limited transparency and delayed response are now being scrutinized by users and privacy advocates alike. Despite public statements on social media, there has been no comprehensive breach report or clear communication of what affected users should do next.
Moreover, the statement claiming the first breach only impacted users who signed up before February 2024 now appears inaccurate, given Rahjerdi’s findings.
If Tea hopes to regain user trust, it will likely need to:
- Publish a full incident report
- Offer data breach notifications to affected users
- Implement independent security audits
- Outline future protections and changes
Data Privacy Concerns Are Escalating
This incident comes at a time when data security in consumer tech is under increased scrutiny. With AI-enhanced scraping tools and rising cybercrime, the bar for app security continues to rise — and Tea’s incident shows what happens when that bar isn’t met.
Both Apple and Google have app store guidelines around user data protection. If Tea cannot demonstrate compliance, it may also risk delisting or facing restrictions from major platforms in the near future.
The Data
| Metric | Details | Source |
| Messages Exposed | 1.1+ million private messages | 404 Media |
| Initial Image Breach | 72,000 images incl. IDs | 404 Media |
| Monthly Active Users | 2 million | Sensor Tower |
| App Store Ranking | #2 Free App (iOS) | Apple App Store |
| DM Feature | Disabled after second breach | Tea’s Instagram |
Final Thoughts
Tea entered the dating app ecosystem as a feminist alternative — a platform built on transparency and shared warnings. However, two data breaches in quick succession now threaten its very foundation. Whether Tea can recover trust will depend not only on technical fixes but also on its willingness to own up to mistakes and lead with radical transparency.
