Overview

• Security researcher Kasra Rahjerdi and 404 Media revealed that hackers accessed more than 1.1 million direct messages containing sensitive discussions dating back to early 2023.
• This follow-up breach occurred days after an initial leak of about 72,000 user verification images, including selfies and photo IDs stored in a legacy system.
• Tea has suspended its direct messaging feature and hired third-party cybersecurity experts to shore up its systems and prevent further leaks.
• Two separate class-action lawsuits filed in Northern California allege negligence and breach of implied contract over the app’s data retention promises.
• Affected users are being notified by Tea and offered free identity protection services as calls grow for stricter security standards on dating platforms.