Tea App Breach Exposes 1.1 Million Private Chats From Women‑Only Dating Community

More than 1.1 million private messages, photos, and driver‑license images from the women‑only dating‑safety platform Tea were left freely accessible on the internet after the company misconfigured its Firebase cloud database. Cyber‑sleuth Kasra Rahjerdi, who first flagged the lapse, told reporters he could read chats covering sensitive topics such as break‑ups, abortion, and sexual assault—along with phone numbers and meet‑up spots shared between users. Tea pulled the system offline and disabled DMs once the exposure was confirmed.

The leak marks the second major Tea incident this month; a prior hack had already spilled 72,000 user images. Researchers at BleepingComputer say copies of the fresh data dump are circulating on underground forums, raising fears of doxxing and extortion. Tea, which claims 4.6 million female members and ranks near the top of Apple’s App Store, is now working with the FBI and outside forensics teams, while offering identity‑protection services to affected users.‍

Privacy advocates compare the breach to 2015’s Ashley Madison scandal and warn that apps marketed as “safe spaces for women” face heightened stakes if protections fail. Security experts point to Tea’s secure API but poorly locked storage bucket as a cautionary tale: robust perimeter defenses mean little if backups and analytics data are left open. Regulators in California and the U.K. said they are reviewing the incident for potential violations of data‑protection law, setting the stage for hefty fines and stricter oversight of niche dating platforms.