Second Data Breach at Tea App Exposes Millions of Private Messages

A second major data breach at the women’s dating safety app Tea has revealed over a million sensitive user messages, including discussions about abortions, infidelity, and shared contact information. This breach, confirmed by 404 Media, impacts a more recent database containing messages up to last week, adding to an earlier breach that exposed tens of thousands of selfies and driver’s license images. The vulnerability allowed unauthorized access to private conversations and real-world identities, raising serious privacy and security concerns.

The breach was uncovered by 404 Media, which verified that the second issue, impacting a separate database, is much more recent, affecting messages up to last week. The researcher found that Tea users could potentially access a more recent database of user data using their own API key, exposing private messages and real-world identities. The first breach was due to an exposed instance of the app development platform Firebase, and impacted tens of thousands of selfie and driver’s license images. Tea told 404 Media it has contacted law enforcement.

The data exposed in this breach could put Tea’s users at risk if it fell into the wrong hands, with users potentially being identified through their social media handles, phone numbers, and real names shared in the chats. The new data exposure is due to any Tea user being able to use their own API key to access a more recent database of user data, Rahjerdi said. This issue existed until late last week, and the exposure included a mass of Tea users’ private messages. In some cases, the women exchange phone numbers so they can continue the conversation off-platform. It is unclear who else may have discovered the security issue and downloaded any data from the more recent database.