The Tea app data breach has gotten much worse. Tea has now admitted that over one million private messages between users were also exposed in a second, more devastating breach.
Now, two class action lawsuits have been filed and they’re going after the entire system that allowed this to happen.
A Second Data Breach
The first breach exposed a staggering 72,000 photos, many of which were IDs and selfies submitted for account verification. Some of those images reportedly ended up on 4chan. Tea tried to downplay the severity by claiming it only affected users who joined before February 2024.
Unfortunately, cybersecurity researcher Kasra Rahjerdi has discovered a second breach, this time of over 1.1 million private messages. On Tuesday, Tea announced on Instagram its private messaging feature has been disabled “out of an abundance of caution.”
These conversations include users sharing phone numbers and discussions ranging from abusive partners to abortions. They stretch from early 2023 all the way to July 2025, so if you’ve used the app at any point in the last two years, your messages might be out there.
Class Actions Have Already Been Filed
Two class action lawsuits have now been filed in California, accusing Tea of failing to safeguard user data that was supposed to be deleted.
One of the lawsuits is seeking an injunction that’ll force Tea to encrypt all of its data and remove personal information about its users. The second lawsuit was filed on behalf of a Jane Doe. She used Tea to warn others about a man in her California community accused of sexual assault. She now fears her anonymity has been compromised. That case also lists 4chan and X (formerly Twitter) as defendants, since it’s where the leaked data surfaced.
What Can Affected Users Do?
For those who used Tea, especially before February 2024, this fiasco could endanger the very women the app was supposed to protect. If the leaked data falls in the wrong hands, it could lead to identity theft, blackmail, stalking, or worse.
Here’s what privacy experts recommend:
- Check your credit reports and set fraud alerts with major credit bureaus.
- Change your passwords, especially if you reused your Tea login credentials elsewhere.
- Watch out for scams and blackmail attempts related to your Tea activity.
- Enable multi-factor authentication on all major accounts.
- Consider signing up for identity theft protection.
- Keep records of any harassment and report it to local law enforcement.
- Adjust your privacy settings on social media or change handles if needed.
- Stay updated on the lawsuits through class-action sites or legal news outlets.
- If you’ve experienced specific harm like fraud or harassment, consult a privacy lawyer.
- File a complaint with your state’s attorney general, especially if you live in California.
A Bigger Problem Than Just Tea
Dating and social platforms are collecting more personal data than ever, often with minimal security infrastructure to back it up. That includes things like facial recognition selfies, phone numbers, social handles, and private DMs. All of this sensitive information can cause a lot of problems in the wrong hands.
Keep in mind that Tea was the #2 free app on Apple’s App Store just weeks ago. Its rise (and security breaches) show how quickly things can spiral when companies put growth ahead of security.
These breaches are a brutal reminder that uploading your ID to a supposedly “safe” app doesn’t mean it’ll stay safe forever. Private conversations don’t stay private when tech companies cut corners on encryption and data handling.
For now, the best users can do is take precautions, stay informed, and consider legal recourse if affected. But the burden of data protection shouldn’t fall solely on users. It’s about time for platforms to be held accountable. Because once your privacy is gone, you can’t just get it back with a password reset.
