Tea App Exposes Over a Million Messages in Second Leak

Just days after the Tea app made headlines for leaking thousands of personal images, the situation has worsened. A second breach has now exposed over 1.1 million private messages, including sensitive conversations and contact information, prompting Tea to take its direct messaging system offline.

If you read our previous post on the Tea breach, you know the first incident already raised serious red flags. The app, marketed as a space for women to safely share dating experiences, had leaked 72,000 images – including selfies used for identity verification and content from posts and chats. Now, the fallout has grown far deeper.

What Happened in the Second Tea App Breach?

According to new reporting from TechCrunch and 404 Media, an independent security researcher discovered another vulnerability. This one allowed access to private direct messages between users – conversations that included discussions about abortions, cheating, and phone numbers.

This leak impacts far more users than initially believed. Messages dating back to early 2023 were accessible, contradicting Tea’s earlier claim that the breach only affected users who joined before February 2024.

As a response, Tea has now disabled its messaging system entirely, stating this was done “out of an abundance of caution.” The company has not confirmed how long messages were accessible or how many users were affected, but the estimated scale suggests a breach of serious magnitude.

Why the Tea App Breach is Dangerous

The nature of the exposed data makes this more than just another headline – Tea’s core appeal was user safety. It promised a space to share private experiences, vent frustrations, and warn others. For many users, it felt like a protective community. Now, those same users are discovering that the app’s promise of safety didn’t extend to their data.

Worse, many of these messages are already circulating online. The first leak was distributed on 4chan, and this second breach could follow the same pattern.

In effect, the data that has been exposed creates real risks of physical harm, along with a slew of other consequences;

1. Stalking & harassment – Leaked location data can enable ex-partners, stalkers, or abusers to find and follow users.
2. Outing of abuse survivors – Users discussing abusive relationships in the app may now be re-exposed to those abusers.
3. Violence related to abortion discussions – In regions with strong anti-abortion sentiment or laws, users discussing abortion could face physical threats or targeted attacks.
4. Violation of trust and privacy – Conversations presumed private (about trauma, consent, sexuality, etc.) now weaponized against users.
5. Mental health repercussions – Survivors may experience PTSD, anxiety spikes, or depression from having their trauma exposed.
6. Forced re-disclosure – users may now be compelled to explain personal issues to family, friends, or employers before they’re ready.
7. Criminalized abortion – In certain U.S. states and international jurisdictions, messages could be used to prosecute abortion seekers or supporters.
8. Employment discrimination – Employers discovering discussions about mental health, trauma, or reproductive choices may retaliate – illegally or otherwise.
9. Custody battles and legal disputes – Exposed chats could be used out of context in family court settings to shame or discredit users.
10. Blackmail and extortion – Sensitive details are now accessible to bad actors who may demand money or favors in exchange for silence.

What The Tea App Breach Means for Everyone

Even if you never used Tea, this is a cautionary tale. Many apps, especially newer or niche platforms, collect vast amounts of sensitive personal data and don’t always invest in proper security.

If you’re posting (or even privately messaging) on social media, niche apps, anonymous confession boards, or pretty much any online platform – your data probably isn’t as secure as you think.

Data breaches have become commonplace. Private messages, personal info, account details, posts, comments, and activity logs are being made public overnight.

What You Can Do to Mitigate Harm from the Tea App Breach

If you use the internet, traces of your digital footprint may always exist.

The most ‘nuclear’ approach is maximum disengagement with the web. Delete all your posts, comments, and content, wipe and close all of your accounts, and request deletion from any other website or app with your information.

For most people – this is unrealistic. In spit of the risks, the internet is an important, functional part of most people’s lives. Lets explore some more reasonable ways you can mitigate harm of data breaches.

1. Clean Up Your Private Data Trail🧹

• Go back and delete sensitive old messages, posts, or images – especially on apps with weak security or unclear policies.
• Consider using a tool like Redact.dev to mass-delete content from dozens of platforms in one click. It’s the only tool that also removes your old posts and messages from social media – perfect for moments like this.

2. Revoke App Permissions & Disconnect Services🔒

• Disable location sharing, camera, and microphone access in your phone settings.
• Revoke access to third-party apps that are connected to your main accounts (Google, Apple, Facebook, etc.).
• Unlink contact syncing and stored contact data in settings.

3. Delete Accounts You No Longer Use🧾

• Inactive accounts are highly vulnerable to breaches and forgotten data leaks.
• The more data on your inactive accounts, the riskier they are to leave online – delete all your content, remove as much information as you can, then close the account.
• You can use redact.dev to quickly delete old content in bulk from major social media platforms.

4. Monitor for Breaches & Suspicious Activity 📬

• Check if your info has been exposed with HaveIBeenPwned.
• Check your inbox (regularly) for emails, DMs, or texts that reference private details – they could be phishing or extortion attempts.

5. Protect Your Mental Health🧠

• Breaches like this are traumatic. It’s okay to feel overwhelmed.
• If you’re struggling, reach out to a mental health professional, trauma-informed hotline, or peer support community. Most countries have free hotlines available that can provide basic support.

6. Document, Report & Push Back⚖️

• If you find your leaked content online, screenshot and document it.
• Report the breach to your country’s privacy regulator (e.g. FTC in the U.S, OAIC in Australia).
• If legal action emerges, save copies of your data and consider joining or supporting group efforts.

7. Practice Digital Minimalism Moving Forward🧠

• Share less, especially on smaller apps that promise safety but lack security budgets. Avoid sharing any personal or private information on unencrypted channels.
• Use end-to-end encrypted platforms (Signal > Instagram DMs, for example).
• When you do post, use pseudonyms or burner accounts for highly sensitive content.

8. Make Redact.dev Part of Your Digital Hygiene💬

Redact.dev exists because of breaches like this. It helps you:

• Auto-delete old social media posts, messages, and comments
• Clean up years of social media history in a few clicks
• Protect you from phishing, vishing and other cybercrimes

If you follow the steps above, your digital footprint will be substantially smaller and your personal risk of harm from data breaches will be reduced significantly.