Tea, a novel dating discussion app aimed at empowering women by providing a safe platform to discuss and evaluate the men they date, took the tech world by storm in 2023. Especially in the U.S., the app rapidly climbed the Apple App Store charts, capturing the hearts of many. However, its shining success soon turned murky. On July 25th, 2025, it was revealed that a massive data breach had compromised user information, including photo IDs, selfies, and comments, due to an unsecure legacy storage system. Recently, a further breach was uncovered, exposing over a million private messages, transforming the app into a privacy debacle.
The Tea app, developed to help women spot red flags in their dating lives, ironically inflicted harm on its users with these security lapses. Just days after the first breach of approximately 72,000 images made headlines, another leak involving private conversations added fuel to the fire, raising alarms about the extent of the privacy violations.
Reports emerged revealing that this second breach, more severe than the initial one, had exposed personal messages from around a million women. These messages covered sensitive topics like infidelity and abortion, fundamentally breaching the confidentiality that Tea had pledged to protect. An independent researcher discovered this security failure, further highlighting how deeply personal data had been compromised.
Tea responded to these incidents by confirming the hacking of private messages, yet emphasized that this was part of the initial breach rather than a new, separate incident. The company stated:
“We have recently learned that some direct messages (DMs) were accessed as part of the initial incident. Out of an abundance of caution, we have taken the affected system offline. At this time, we have found no evidence of access to other parts of our environment.”
Despite Tea’s assertions that the leaked messages were part of the original breach, this could be seen as an attempt to minimize the situation, even though more data was compromised than initially disclosed. The app now faces intense scrutiny as security concerns grow, with many pointing to significant failings in data protection protocols and labeling the situation as gross negligence on the company’s part.
