The data breach affecting the women-only Tea app has escalated, with hackers leaking an additional database containing over 1.1 million private messages exchanged between members, including sensitive conversations about personal relationships, cheating, and abortions.
The Tea app, which requires government ID and selfie verification to access its dating safety platform, initially suffered a breach through an unsecured Firebase storage bucket. On Friday, a hacker posted on 4chan, revealing that the exposed data included selfies, ID photos, and other images—amounting to over 59 GB in total. A shared Python script made it easy for others to download the leaked files, which were later confirmed to contain driver’s licenses and private media.
Tea acknowledged the breach in a public statement, saying the leak affected users who registered before February 2024. The compromised dataset included roughly 72,000 images—13,000 of which were selfies or ID photos—and 59,000 images from posts, messages, and comments.
In a new development, 404 Media reports that a second, more recent database has surfaced containing 1.1 million private messages dating from 2023 to July 2025. The messages were accessible using standard API keys issued to Tea users, making it possible to identify individuals via phone numbers, usernames, or links to social media.
Researchers fear the exposure could fuel large-scale harassment, doxxing, and even blackmail. Some hackers have already created a “facesmash”-style site using the leaked selfies, turning what was meant to be a secure space for women into a dangerous online spectacle.
Tea has since taken affected systems offline and says it’s working with cybersecurity experts and law enforcement to investigate the breach. The platform plans to offer free identity protection services to impacted users and promises to share further updates as the investigation continues.
If this article helped you, please consider supporting our work. Every small contribution keeps Abijita.com independent and running.
