In a major privacy lapse, the Tea dating app—marketed as a safe space for women—has suffered a second severe data breach, this time compromising more than 1.1 million private conversations between users. The leaked messages include deeply personal and sensitive exchanges, putting the safety and anonymity of thousands of women at serious risk.

According to a report by 404 Media, the breach was discovered by cybersecurity researcher Kasra Rahjerdi. Rahjerdi found that a flaw in the app’s internal API allowed access to a vast database of user chats, dating as far back as early 2023 and continuing up until the past week. The messages included discussions about cheating partners, abortions, and even shared phone numbers and social media handles—content that many believed would remain strictly private within the platform.

This breach follows closely on the heels of a previous one that had already compromised selfies and government-issued ID photos submitted by users for verification. That incident made headlines when some of the leaked images were posted on platforms like 4chan, where anonymous users created a “Facemash”-style game to rank women’s photos—a disturbing misuse of sensitive data.

Unlike the earlier breach, which Tea claimed involved an outdated storage system, this latest incident affects the app’s current infrastructure. The revelation has therefore sparked deeper concerns about Tea's ability to safeguard its community, especially considering its marketing as a women-first platform aimed at providing a secure environment to share and verify experiences about men.

404 Media verified that the usernames tied to the exposed chats are still active on the app. This raises even more alarms about ongoing security risks and the possibility that other malicious actors may have also accessed the sensitive data before it was discovered by the researcher.

Some of the leaked chats reportedly involve women sharing painful and personal experiences. In one set of conversations, users realized they were dating the same man and shared specific details like car models to verify the overlap. Others included messages from wives who found their spouses on the platform and attempted to warn or connect with other users.

While Tea encourages the use of anonymous screen names, many users voluntarily revealed their real identities or contact information within private messages. This has heightened fears that some of the affected individuals could be easily traced, further endangering their safety.

In response to the incident, a Tea spokesperson told 404 Media:

“We are continuing to work expeditiously to contain the incident and have launched a full investigation with assistance from external cybersecurity firms. We have also reached out to law enforcement and are assisting in their investigation. Since our investigation is in its early stages, we do not have more information we can share at this time.”

The app currently claims to have over 1.6 million users and recently ranked among the top downloads on the App Store. However, the back-to-back security failures have cast a shadow over its reputation, prompting serious questions about whether the platform can still be trusted to protect its users.