The Tea dating app, designed to provide a safe space for women to share information about men, has suffered a second major security breach within days. A new report reveals that private messages exchanged by over 1.1 million users were leaked online, exposing deeply personal conversations, including those discussing cheating partners, abortions, and phone numbers.

This breach comes just days after another incident where selfies and government-issued IDs of users were exposed. The latest leak involves a newer and significantly larger cache of data, raising even greater concerns about the platform’s security practices.

Cybersecurity researcher Kasra Rahjerdi uncovered the vulnerability and shared his findings with 404 Media, which verified the authenticity of the leaked content. According to the report, the internal API of the app was left exposed, allowing anyone with access to view private user messages. The messages date from early 2023 through to the past week. Unlike the earlier breach, which Tea claimed involved outdated storage systems, this issue affected active infrastructure, making it more severe.

The exposed chats revealed women finding out they were dating the same man, sharing identifying details like the car he drove. Others discussed sensitive personal experiences such as abortions and troubled relationships. Some messages came from wives who had discovered their husbands on the app and contacted other users.

Despite Tea’s recommendation that users choose anonymous usernames, many included their real names, phone numbers, or links to social media accounts in conversations. This has led to renewed fears about the safety and privacy of those using the app.

The initial breach had already sparked backlash online after leaked images appeared on platforms such as 4chan. In a disturbing twist, users began using the photos in a “Facemash”-style website, asking visitors to vote on who looked more attractive, further intensifying privacy concerns.

Tea, which boasts over 1.6 million users and had recently climbed the App Store charts, became popular for its strict verification process that relied on user-submitted selfies. However, the consecutive breaches have called the platform’s data protection capabilities into question.

Responding to the latest breach, a Tea spokesperson told 404 Media: “We are continuing to work expeditiously to contain the incident and have launched a full investigation with assistance from external cybersecurity firms. We have also reached out to law enforcement and are assisting in their investigation. Since our investigation is in its early stages, we do not have more information we can share at this time.”

There is still uncertainty over whether others, beyond the researcher, accessed the exposed data. With both sensitive identity documents and personal conversations now potentially compromised, concerns around user safety have reached a critical level.