The Tea platform suffered from two major data leaks. First, an unprotected Firebase database containing users’ personal information was discovered on 4chan, and then a second database was found containing 1.1 million personal messages exchanged by users.
Tea is a platform primarily oriented towards women. It is a closed community where all participants remain anonymous but must undergo verification by providing selfies and documents to confirm their identity, ensuring security and confidentiality. In essence, Tea allows users to verify information about potential partners and share “reviews” about men, such as experiences from conversations and dates. It also enables the checking of information for fraud and fakes, secret marriages, criminal records, and so on.
At the end of last week, information appeared on 4chan that Tea is using an unsecured Firebase storage, where photos of documents and selfies, which users upload to the platform for identity verification, can be found, as well as photos and images they share with each other in comments.
An anonymous user shared a Python script that could be used to download data from the now secured database.
In total, this leak exposed more than 59 GB of data, and Tea representatives confirmed that the issue affected users who registered with the app before 2024.
“The dataset includes about 72,000 images, including approximately 13,000 selfies and photos provided by users for account verification, as well as around 59,000 images publicly available in the app in posts, comments, and private messages,” platform representatives reported.
Tea explained that selfies were not deleted due to law enforcement requirements related to preventing cyberbullying.
As a result, torrents with leaked data (users’ driver’s licenses, selfies, and message attachments) began to appear on the web and hacker forums, potentially threatening app participants with phishing attacks.
However, the story did not end there. According to 404 Media, another unprotected Tea database has now been found online, containing 1.1 million personal messages exchanged by users.
This database contains updated data from 2023 up until last week. According to journalists, the database includes messages discussing highly sensitive topics, including abortions, infidelity, and polygamous men. In some cases, women exchanged phone numbers to continue conversations outside the platform.
As explained to the publication by cybersecurity researcher Kasra Rahjerdi, who discovered the new leak, any Tea user could access stored data of other people using their own API key. The researcher also stated that he found a way to send push notifications to all Tea users.
As noted by 404 Media, it is now possible to identify Tea users through social media profiles, phone numbers, and other personal data leaked due to the breach. Consequently, the platform, which was meant to be a safe space for women, has turned into a tool for bullying. For instance, websites are already emerging online offering to rate selfies of Tea users, taken from the leaked data. These websites even publish rankings of the 50 best and 50 worst.
Tea representatives stated that they continue to collaborate with third-party cybersecurity experts to localize the incidents and conduct an investigation. The company has also notified law enforcement agencies about the situation, and they are assisting with the investigation as well.
As reported by the company to journalists from Bleeping Computer, the compromised personal messaging system is currently disabled for security reasons.
“At the moment, we have found no evidence of access to other parts of our infrastructure. The investigation is still ongoing, and we will strive to provide timely updates on its results as information becomes available. Our team continues to work on strengthening the security of the Tea App, and we look forward to sharing these improvements soon. In the meantime, we are focused on identifying users whose personal data was affected by the [leak], and we are offering them free identity theft protection services,” Tea representatives stated.
2025.03.26 — Cloudflare to block all unencrypted traffic to its APIs
According to Cloudflare, effective immediately, only secure HTTPS connections to api.cloudflare.com will be accepted; while all HTTP ports are to be closed. The purpose of this decision…
Full article →
2025.03.16 — Researchers force DeepSeek to write malware
According to Tenable, the AI chatbot DeepSeek R1 from China can be used to write malware (e.g. keyloggers and ransomware). DeepSeek was released in January 2025 and caused a stir…
Full article →
2025.02.12 — 2.8 million IP addresses used to brute-force network devices
The Shadowserver Foundation warns of a massive web login brute-forcing attacks targeting nearly 2.8 million IP addresses per day. Unknown attackers are seeking…
Full article →
2025.02.25 — More than 100,000 users downloaded SpyLend malware from Google Play Store
According to Cyfirma, a malicious Android app called SpyLend was available on the official Google Play Store for some time and has been downloaded from there…
Full article →
2025.02.03 — PyPI introduces a project archival system to combat malicious updates
The Python Package Index (PyPI) introduces a new project archival system: a project can now be archived to notify users that it's not expected to be updated…
Full article →
2025.02.21 — Microsoft fixes vulnerability in Power Pages exploited by cybercriminals
Microsoft patched a severe privilege escalation vulnerability in Power Pages used by hackers as a 0-day. The vulnerability tracked as CVE-2025-24989 (CVSS score 8.2) pertains…
Full article →
2025.04.12 — Hackers compromised a bureau within the U.S. Department of the Treasury and spent months in hacked systems
The Office of the Comptroller of the Currency (OCC), an independent bureau within the United States Department of the Treasury, reported a major cybersecurity incident. Unknown attackers had…
Full article →
2025.02.18 — Chrome Enhanced Protection mode is now powered by AI
The Enhanced Protection mode in Google Chrome has been updated. Now it uses AI to protect users from dangerous sites, downloads, and extensions in real time.…
Full article →
2025.02.08 — Hackers exploit RCE vulnerability in Microsoft Outlook
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned Federal Civilian Executive Branch (FCEB) Agencies that they have to secure their systems from ongoing…
Full article →
2025.04.29 — FBI Offers 10 million USD for information on Salt Typhoon members
The FBI offers up to 10 million USD for information about members of the Chinese hacker group Salt Typhoon and last year's attack that had…
Full article →