Tea, a U.S.-based dating discussion app that recently suffered a major cyber security breach, has taken its messaging system offline after discovering that some users' private messages were accessed without authorisation.

The app, which is designed to provide women a safe space to discuss their dating experiences with men, soared to the top of the U.S. Apple App Store last week. However, on Friday, it confirmed that thousands of user-submitted selfies and photo IDs were leaked in the breach.

Late on Monday, Tea announced via its social media channels that it had "recently learned that some direct messages (DMs) were accessed as part of the initial incident."

Tea app suffers data breach, thousands of user photos exposed

"Out of an abundance of caution, we have taken the affected system offline," the company said. “At this time, we have found no evidence of access to other parts of our environment.”

It remains unclear how many messages were compromised in the breach.

The second issue was first reported by 404 Media, which cited an independent security researcher who found it was possible for attackers to access private conversations. These included discussions about sensitive topics such as abortions, infidelity, and phone numbers.

Last week, a spokesperson for the company said about 72,000 images were leaked during the initial breach. Among them, 13,000 were selfies or selfie-photo ID combinations submitted by users for verification. Another 59,000 images – including those from public posts, comments, and direct messages – were also accessed without authorization.

Tea has stated that no email addresses or phone numbers were accessed during the incident. The company also clarified that the breach only affected users who registered before February 2024.