Tea App Exposes Users' Private Data and Messages in Major Leaks

The women-focused platform Tea has suffered two serious data breaches—first, an unsecured Firebase database containing users’ personal data was posted to 4chan, followed days later by a second leak exposing over 1.1 million private messages exchanged on the app.
What Is Tea?
Tea bills itself as a private, women-only community built around anonymity and verification. To join, users must submit selfies and government-issued ID to prove their identity—but remain anonymous inside the app.
The platform is used to:
- Share dating experiences and reviews of men
- Verify partners for fraud, hidden marriages, or criminal records
- Discuss sensitive topics like abuse, reproductive health, and infidelity
First Breach: Firebase Misconfiguration Exposes Images and IDs
Last week, a 4chan user revealed that Tea was using an unsecured Firebase storage bucket, which exposed:
- 72,000 images, including:
  - 13,000 verification selfies and ID documents
  - 59,000 images from public and private posts, comments, and direct messages
- 59 GB of data, reportedly affecting users who joined before 2024
A Python script was shared to scrape data from the now-secured database. Within days, the leaked files—including driver's licenses, nude selfies, and personal attachments—appeared on torrent sites and hacker forums, putting users at immediate risk of doxing, phishing, and blackmail.
Tea later stated that selfies and IDs were retained in order to comply with law enforcement requests, such as in cases of cyberbullying.
Second Breach: 1.1 Million Private Messages Leaked
A few days later, 404 Media reported the discovery of another unsecured database exposing:
- 1.1 million private messages exchanged between 2023 and July 2025
- Conversations about abortions, infidelity, bigamy, and more
- Phone numbers, social media handles, and other personally identifiable information (PII)
Security researcher Kasra Rahjerdi found that any logged-in user could access other users’ data using their own API key. He also uncovered a vulnerability that allowed someone to send mass push notifications to all Tea users.
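An added example, not code from Tea or from the reporting above: a small Python check over Firebase Storage security rules that flags read rules open to everyone (the class of misconfiguration described for the first breach) and read rules that require sign-in but no ownership check (the pattern in which any logged-in user can read other users' data). The rules text, paths, and the classify/audit_rules helpers are constructed for illustration; the page does not publish Tea's actual rules, and the condition check is a string heuristic, not a rules evaluator.

```python
import re
# Constructed sample rules (not Tea's configuration), Firebase Storage syntax.
SAMPLE_RULES = """
service firebase.storage {
  match /b/{bucket}/o {
    match /verification/{userId}/{file} {
      allow read;                                  // no condition: public
    }
    match /attachments/{userId}/{file} {
      allow read, write: if request.auth != null;  // any signed-in user
    }
    match /avatars/{userId}/{file} {
      allow read: if request.auth.uid == userId;   // owner only
    }
  }
}
"""

MATCH_RE = re.compile(r"match\s+(\S+)\s*\{")
ALLOW_RE = re.compile(r"allow\s+([\w,\s]+?)\s*(?::\s*if\s+(.+?))?\s*;")
READ_OPS = {"read", "get", "list"}

def classify(cond):
    """Heuristic verdict for one read condition; None means scoped or denied."""
    if cond == "true":
        return "PUBLIC_READ"
    if cond == "false" or "request.auth.uid" in cond or "request.auth.token" in cond:
        return None
    if "request.auth" in cond:
        return "ANY_SIGNED_IN_USER"   # authenticated, but no ownership check
    return "NEEDS_REVIEW"             # condition this heuristic cannot judge

def audit_rules(text):
    """Return [(full match path, finding)] for read rules that are too broad."""
    findings, stack = [], []
    for raw in text.splitlines():
        line = raw.split("//")[0].strip()          # drop trailing comments
        m, a = MATCH_RE.fullmatch(line), ALLOW_RE.fullmatch(line)
        if m:
            stack.append(m.group(1))
        elif line.endswith("{"):
            stack.append("")          # non-match block such as `service ...`
        elif line.startswith("}") and stack:
            stack.pop()
        elif a and READ_OPS & {op.strip() for op in a.group(1).split(",")}:
            verdict = classify((a.group(2) or "true").strip())
            if verdict:
                findings.append(("".join(stack), verdict))
    return findings
```

Calling audit_rules(SAMPLE_RULES) reports the verification path as PUBLIC_READ and the attachments path as ANY_SIGNED_IN_USER, and leaves the owner-scoped avatars rule unflagged.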
Fallout: From “Safe Space” to Doxing Hub
The leaks have shattered Tea’s promise of anonymity and transformed it into a liability:
- Users have been deanonymized through phone numbers, profile links, and message content
- Doxing websites have emerged, posting “Top 50 Best/Worst Tea Users” rankings based on leaked selfies
- The platform’s private messaging system has been temporarily disabled
Tea’s Official Response
Tea stated it is:
- Working with cybersecurity experts and law enforcement
- Investigating the full scope of the breaches
- Offering free identity theft protection to affected users
“We’ve found no evidence of further infrastructure access. Our team is focused on strengthening Tea’s security and will share updates soon.”
— Tea spokesperson (via BleepingComputer)
Key Takeaways
- Verification ≠ Security: Submitting real-world IDs to “anonymous” apps poses permanent risks
- Firebase misconfigurations continue to be a major cause of cloud data leaks
- Women-focused platforms are high-value targets for harassment, stalking, and blackmail
If you used Tea:
- Assume your data is compromised
- Freeze your credit reports and enable 2FA on all important accounts
- Be alert for phishing, extortion attempts, and impersonation scams
Final Thoughts
This incident underscores a harsh truth: once an "anonymous" platform is breached, there's no going back. Collecting real identities while promising anonymity creates a dangerous illusion of safety—especially for communities that rely on discretion and trust.