The recent data breach involving TEA, a messaging app marketed for privacy, appears to be more extensive than initially reported. New findings reveal that over one million private messages were exposed due to a misconfigured cloud server that was publicly accessible without authentication.
Earlier, it was believed that only a few thousand users were affected. However, security researchers now estimate that the breach compromised millions of records, including entire chat logs, usernames, profile pictures, phone numbers, and internal account IDs. In some cases, personal content such as photos, links, and voice memos were also part of the data exposed.
The breach came to light last week when researchers discovered that the TEA app’s database was left unsecured on a cloud storage bucket. This allowed anyone with a direct link to access the data. The server has since been locked down and made inaccessible to the public.
Although TEA’s developers initially downplayed the scale, newer evidence suggests that the issue persisted for months before discovery. Investigations are still ongoing, and so far there has been no confirmed evidence that the exposed data has been used in phishing or other malicious activity. Still, cybersecurity experts have warned that the scale of the exposure increases the risk.
TEA’s user base includes individuals who reportedly turned to the platform for more privacy-focused conversations. The app’s privacy policy had assured users that their information would be kept secure, making the current findings particularly concerning.
The company has not yet released a full public statement detailing how the breach occurred or how many users were affected in total. However, it confirmed to TechCrunch that it is working with external security experts and law enforcement as part of its investigation.
As the situation develops, users are being advised to review their TEA account settings, change reused passwords, and remain cautious about suspicious activity tied to their phone numbers or online identities.
