The women-only safety app Tea is facing a major security crisis after two separate data breaches exposed deeply personal information about its users, highlighting the vulnerabilities that can exist even in apps marketed as safe spaces for women.
Just days after the exposure of thousands of user verification images and IDs from a legacy database, an independent researcher revealed a second, more sinister vulnerability. This flaw allowed access to private messages exchanged between users, potentially containing sensitive details such as phone numbers, discussions about intimate relationships, and even conversations regarding abortion.
The researcher, Kasra Rahjerdi, was able to retrieve these recent conversations from a separate database, demonstrating the depth of the compromise. The breach also exposed back-end app features, granting unauthorized access to tools like mass push notifications— raising concerns about potential manipulation or harassment.
Adding to the urgency, Rahjerdi discovered this second vulnerability remained active until last week, coinciding with reports of the initial data leak. This suggests a persistent security lapse that allowed sensitive information to remain exposed for an extended period.
While Tea initially issued statements addressing the first breach and claiming no current user data was compromised, its subsequent response to 404Media acknowledges a broader investigation involving external cybersecurity firms and law enforcement. The company stated: “We are continuing to work expeditiously to contain the incident and have launched a full investigation with assistance from external cybersecurity firms. We have also reached out to law enforcement and are assisting in their investigation.”
This data catastrophe underscores the critical importance of robust security measures, especially for apps designed to protect sensitive information. The Tea app’s popularity surged recently amidst heated controversy surrounding its perceived role as an “anti-male” platform.
While debates raged about its effectiveness and potential biases, the vulnerability exploited by hackers allowed malicious actors to directly target female users. Geolocation data from the initial breach was used for doxxing — publicly revealing personal information like home addresses — violating the app’s promise of anonymity. Additional leaked images were subject to ridicule in online forums, while a disturbing trend emerged with the creation of copycat apps where men could share intimate details about women without their consent.
These events expose a dark underbelly to the burgeoning demand for online spaces catering specifically to women. While such platforms aim to provide safe havens for sharing experiences and seeking support, they also become potential targets for exploitation when security safeguards fail.
