Tea app disables DMs after second security issue exposes over a million private messages

Less than a week after suffering a high-profile cybersecuritybreach, the dating safety app, Tea, has announced some direct messages were also accessed in the incident. The second security issue has prompted the app to disable its private messaging feature “out of an abundance of caution”.

On Friday, July 25 the dating safety app Tea became aware of a data breach which exposed 72,000 images - including selfies and photo IDs used for account verification. The personal data was reportedly shared by users on 4chan, an image-based bulletin board.

On Monday, July 28, 404 Media - which was the first to report on the initial breach - shared news of a second major security issue after receiving information from an independent security researcher.

As verified by 404 Media, an independent researcher said hackers were able to access over a million private messages between users, including discussions of abortions, infidelity, and the sharing of personal phone numbers.

READ MORE: Universal Credit households to receive new £320 Cost of Living payment this summer

READ MORE: AIMEE WALSH: 'I met Bonnie Blue as TV show feeds rage-bait machine and earns millions'

While Tea users operate with anonymous screennames, 404 Media confirmed it was simple to uncover user identities and personal details through the private messages it obtained.

This new revelation contradicts Tea’s initial statement which stated that only users signed up before February 2024 were affected by the security breach. The independent investigation revealed messages from early 2023 (when Tea launched) up until last week.

On Tuesday , July 29, Tea shared that it will temporarily disable its direct messaging feature, presumably in response to the report. The company posted: “We have recently learned that some direct messages (DMs) were accessed as part of the initial incident.

“Out of an abundance of caution, we have taken the affected system offline. At this time, we have found no evidence of access to other parts of our environment.”

Just a day before news of the second issue was revealed, Tea stated that it was working with “some of the best external cybersecurity experts out there” and that an investigation was ongoing.

In a statement to the Mirror this week, a spokesperson for Tea said the company detected a security incident on Friday, July 25 and immediately took steps to contain the incident and launched a full investigation. "We have also reached out to law enforcement and are assisting in their investigation," the spokesperson confirmed.

Despite the upheaval of the data breach, Tea said it has received over 2.5million requests to join in the past week alone and that it is struggling to meet response and acceptance times.

In its latest post Tea shared that it expanded its approvals team and instigated an “updated, expedited approvals process” to move through its waitlist more quickly. The company said it has accepted over 800,000 new member requests between July 30 and July 31 morning alone, but that the waitlist is already back up to 1.5 million requests.

Tea brands itself as a resource for women to protect themselves while dating by hosting an anonymous forum to seek advice about men they are interested in or report “red flag” behaviour of past dates. All posts are anonymous and women must be verified before joining.

The company has grown in increasing popularity over recent months, becoming the top free app in Apple’sdownload rankings. However, it has received criticism for violating men’s privacy and has been called the “man-shaming” app.

Help us improve our content by completing the survey below. We'd love to hear from you!