The data breach at Tea, the viral app that allows women to post anonymous reviews of men, was bigger than initially reported and included private messages.
Last week, the app acknowledged that it had experienced a data breach of about 72,000 images, including users’ photos and driver’s licenses.
Now, a Tea spokesperson tells Business Insider that the company “recently learned that some direct messages (DMs) were accessed as part of the initial incident.”
“Out of an abundance of caution, we have taken the affected system offline,” the spokesperson added.
Security researcher Kasra Rahjerdi told BI that he was able to access more than 1.1 million private messages between Tea’s users, including “intimate” conversations about topics like divorce, abortion, cheating, and rape. Some chats included details like phone numbers and locations to meet up, Rahjerdi said. The chats were from February 2023 through July 2025.
404 Media first reported on Rahjerdi’s findings.
Rahjerdi told BI that he accessed Tea’s app data using Firebase, an app development platform. Rahjerdi said he was able to access real-time data until about 4 a.m. ET on July 26.
It’s not clear if others had accessed this data with the intent to leak or otherwise use it.
Related stories
Business Insider tells the innovative stories you want to know
Business Insider tells the innovative stories you want to know
Rahjerdi said Tea “did do a lot of really good security stuff on the code they wrote themselves,” describing the company’s own API as “very secure.”
The problem was that Tea used Firebase to store its data, Rahjerdi said, adding that Tea “didn’t do the same work there.”
“We are working to identify any users whose personal information was involved and will be offering free identity protection services to those individuals,” the Tea spokesperson said.
Tea informed users in the app on Monday that DMs were accessed in the breach, adding that the app’s DM feature was “temporarily unavailable.” The company also told users in the post that there was an “active investigation involving external cybersecurity experts and the FBI,” which was limiting what information Tea could share and when it could do so.
Before news of its data breach broke on Friday, the app had soared to the top of the Apple App Store last week, hitting the top spot. On Monday, it was No. 2 on the chart.
On Tea’s website, it says it has a “community of over 4,647,000 women.”
In addition to anonymously reviewing men with “red” or “green” flags, the app also lets women seek dating advice and access tools like background checks.
