Tea, a dating discussion app that recently suffered a high-profile cybersecurity breach, announced late Monday that some direct messages were also accessed in the incident.
The app — designed to let women safely discuss men they date — rocketed to the top of the U.S. Apple App Store last week but then confirmed on Friday that thousands of selfies and photo IDs of registered users were exposed in a digital security breach.
404 Media was the first to report on this second security issue, citing an independent security researcher who found it was possible for hackers to access messages between users discussing abortions, cheating partners, and phone numbers.
In a statement posted on its social media accounts, Tea said it “recently learned that some direct messages (DMs) were accessed as part of the initial incident.”
“Out of an abundance of caution, we have taken the affected system offline,” the app said. “At this time, we have found no evidence of access to other parts of our environment.”
It is currently unknown how many messages were left exposed by the vulnerability.
Tea has said about 72,000 images were leaked online in the initial incident, including 13,000 images of selfies or selfies featuring a photo identification that users submitted during account verification.
Another 59,000 images publicly viewable in the app from posts, comments and direct messages were also accessed without authorization, a spokesperson said last week.
No email addresses or phone numbers were accessed, the company said, and the breach only affects users who signed up before February 2024.
AP
