Tea App Data Breach Worsens with User Chats Exposure in Second Data Leak

Written by: Lore Apostol, Cybersecurity Writer

The Tea app data breach has escalated into a more significant cybersecurity incident, with revelations of a second compromised database. This additional breach has exposed over 1.1 million private user messages alongside previously leaked personal data, heightening concerns around data privacy and integrity.

Second Incident Details  

Initially, the breach was tied to an unsecured storage bucket that, through unauthorized access to systems, revealed 72,000 images that included photos shared in posts and comments, as well as 13,000 user selfies and IDs.

Meanwhile, the stolen information was released on hacking forums. A Facebook user even posted clear pictures of women’s faces on Meta’s platform, allegedly from the Tea data leak.

When the first incident occurred, Tea said it concerned accounts registered before February 2024. However, a subsequent database leak has surfaced, exposing sensitive user chats from 2023 to last week, according to researcher Kasra Rahjerdi, as reported by 404 Media.

The 59 GB database allegedly contains 1.1 million direct messages (DMs), including highly personal discussions about topics such as abortions, infidelity, and complex personal relationships, which amplifies the risk that exposed user chats are used in social engineering attacks.

While the first breach acknowledgement stated that emails and phone numbers were not exposed, they could now be exposed if users relayed them via these DMs.

Rahjerdi mentions that any app user could use their own API key to access the stored user data.

Users on 4chan claimed that an exposed database was publicly available on Google’s mobile app development platform, Firebase.

Tea App’s Response  

The women-only dating safety platform confirmed in a public statement that these breaches stem from a legacy system compromised before February 2024. 

The platform has since taken the affected systems offline and is collaborating with cybersecurity experts to contain the breach. Additionally, users whose data has been exposed are being notified and offered free identity protection services.   

"We have recently learned that some direct messages (DMs) were accessed as part of the initial incident," Tea said, as quoted in a recent report from BleepingComputer, adding that the affected system has since been taken offline, with no evidence of other compromised areas of their environment.

This Tea app data breach highlights ongoing vulnerabilities in consumer applications and underscores the urgent need for rigorous data privacy measures and robust cybersecurity frameworks in digital platforms. 

