"Tea" App Data Breach Leaks 72,000 Images and Private DMs of Users
A data breach at Tea, the viral app that enables women to post anonymous reviews of men, has been found to be more severe than initially reported. While Tea previously acknowledged a breach involving around 72,000 images - including user photos and driver’s licenses - the company has now confirmed that private direct messages (DMs) were also accessed during the incident. A spokesperson said the affected system has been taken offline “out of an abundance of caution.”
Over 1.1 million private messages exchanged on the app from February 2023 through July 2025 have been accessed, many of which contained sensitive personal topics such as divorce, cheating, abortion, and assault. Some chats even included phone numbers and meetup locations, exposing users to serious privacy risks. The breach was traced to Firebase, the app development platform Tea used to store data.
Tea has notified users of the breach, stating that DMs were accessed and that the chat feature has been disabled for now. The company is offering free identity protection services to affected users and is cooperating with the FBI in an active investigation. The breach comes just as Tea hit the No. 1 spot on the App Store, with a self-reported user base of over 4.6 million women.
To prevent breaches of this magnitude - especially those involving personal data - organizations must adopt end-to-end cybersecurity strategies backed by deep network forensics. This includes full data capture capabilities to monitor all network activity in real-time, detect misconfigurations (like insecure third-party integrations), and trace any unauthorized access at the packet level. Beyond technical safeguards, this approach helps protect customer trust, maintain brand reputation, and reduce legal exposure - especially in industries where privacy is central to the user experience. In a data-driven world, security can’t stop at the app layer - it must extend across all platforms, cloud services, and communication channels. Read more about this story on our LinkedIn page
Over 1.1 million private messages exchanged on the app from February 2023 through July 2025 have been accessed, many of which contained sensitive personal topics such as divorce, cheating, abortion, and assault. Some chats even included phone numbers and meetup locations, exposing users to serious privacy risks. The breach was traced to Firebase, the app development platform Tea used to store data.
Tea has notified users of the breach, stating that DMs were accessed and that the chat feature has been disabled for now. The company is offering free identity protection services to affected users and is cooperating with the FBI in an active investigation. The breach comes just as Tea hit the No. 1 spot on the App Store, with a self-reported user base of over 4.6 million women.
To prevent breaches of this magnitude - especially those involving personal data - organizations must adopt end-to-end cybersecurity strategies backed by deep network forensics. This includes full data capture capabilities to monitor all network activity in real-time, detect misconfigurations (like insecure third-party integrations), and trace any unauthorized access at the packet level. Beyond technical safeguards, this approach helps protect customer trust, maintain brand reputation, and reduce legal exposure - especially in industries where privacy is central to the user experience. In a data-driven world, security can’t stop at the app layer - it must extend across all platforms, cloud services, and communication channels. Read more about this story on our LinkedIn page