© 2026 CoolTechZone - Latest tech news,
product reviews, and analyses.

Women’s dating app Tea hit by second data breach


Tea, the dating app for women, has suffered a second data breach in a short period. This time, hackers successfully exfiltrated 1.1 million direct messages.

Kasra Rahjerdi, an independent programmer and security researcher, notified 404 Media of another data breach at Tea.

He discovered that hackers could access messages between users discussing abortions, cheating partners, and phone numbers they sent to one another. This data was stored in a separate database and is much more recent than the first incident.

In addition, Rahjerdi found that the attackers were able to send a push notification to all Tea’s users.

According to 404 Media, the database contained over 1.1 million private messages and stretched from early 2023 up to last week. Some of the messages included private and sensitive details, which enabled the editorial staff to find out the real names of some Tea users.

Rahjerdi told the news outlet that every Tea user was able to use their own API key to access a more recent database of user data. According to the programmer and security researcher, this problem existed until late last week.

In an update regarding the data breach, Tea confirms that some direct messages were accessed. However, this was part of the initial incident, not the result of a second breach. To be safe, Tea has taken its DM functionality down.

“To address the issue and out of an abundance of caution, we have taken the affected system offline altogether. At this time, we have found no evidence of access to other parts of our environment,” the company states.

Because this is an active investigation involving external cybersecurity experts and the FBI, Tea says it can’t share more details of the incident at the moment, but promises to provide updates as soon as possible.

“Our team remains fully engaged in strengthening the Tea App’s security, and we look forward to sharing more about those enhancements soon. In the meantime, we are working to identify any users whose personal information was involved and will be offering free identity protection services to those individuals,” the company concludes.

Last week, Tea issued a statement saying that attackers managed to access a legacy system and stole 72,000 user pictures, including 13,000 selfies and photo identification submitted by users during account verification, and 59,000 images publicly viewable in the app from posts, comments, and direct messages.