All Content from Business Insider, July 29, 07:09
Private messages on Tea, the anonymous dating advice app, were exposed in a recent data breach

 

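The data breach at TeaApp, the closely watched app for anonymously reviewing men, has turned out to be far larger than initially reported. Beyond user photos and driver's licenses, the more worrying finding is that a security researcher found more than 1.1 million private user messages were accessed, including "intimate" conversations on sensitive topics such as divorce, abortion, cheating and even rape. Some chat logs even contained users' contact details and meeting locations. The researcher said the leak stemmed from TeaApp's use of Firebase to store data, where the corresponding security measures did not keep pace. TeaApp has taken the affected system offline, has promised identity protection services to affected users, and is conducting a joint investigation with the FBI and external cybersecurity experts.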

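🚨 **Breach far larger than expected:** The breach TeaApp initially acknowledged involved only about 72,000 images, including user photos and driver's licenses. Subsequent investigation showed the incident was more serious: security researcher Kasra Rahjerdi was able to access more than 1.1 million private messages between users. These messages covered extremely sensitive personal topics, and some chat logs may contain users' contact details and in-person meeting details, spanning February 2023 to July 2025.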

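🔒 **Private messages contained highly sensitive information:** The accessed messages touch on extremely private aspects of users' lives, such as divorce, abortion, cheating and rape. This content exposes users' personal privacy and could lead to serious social and emotional consequences, highlighting the major challenges that anonymous review platforms of this kind face in protecting user data.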

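🛠️ **Security flaw stemmed from how data was stored:** Researcher Rahjerdi said the code TeaApp wrote itself was quite good from a security standpoint, and that its API was quite secure. The key problem was that TeaApp used the Firebase app development platform to store its data but did not apply the same level of security protection there. This oversight in its data storage strategy led directly to the large-scale data leak.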

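⚖️ **Official response and follow-up measures:** A TeaApp spokesperson confirmed that some private messages were accessed and said the affected system has been taken offline temporarily. The company has notified users that the private message feature is temporarily unavailable and is working with external cybersecurity experts and the FBI on an investigation. TeaApp promised to identify affected users and offer them free identity protection services to reduce the potential risk of identity theft.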

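📈 **Impact on the app:** Before the breach came to light, TeaApp had reached No. 1 on the Apple App Store chart, showing its popularity among women users. The large-scale breach has undoubtedly dealt a serious blow to its reputation and user trust, and its App Store ranking has dropped as a result.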

Tea app

The data breach at Tea, the viral app that allows women to post anonymous reviews of men, was bigger than initially reported and included private messages.

Last week, the app acknowledged that it had experienced a data breach of about 72,000 images, including users' photos and driver's licenses.

Now, a Tea spokesperson tells Business Insider that the company "recently learned that some direct messages (DMs) were accessed as part of the initial incident."

"Out of an abundance of caution, we have taken the affected system offline," the spokesperson added.

Security researcher Kasra Rahjerdi told BI that he was able to access more than 1.1 million private messages between Tea's users, including "intimate" conversations about topics like divorce, abortion, cheating, and rape. Some chats included details like phone numbers and locations to meet up, Rahjerdi said. The chats were from February 2023 through July 2025.

404 Media first reported on Rahjerdi's findings.

Rahjerdi told BI that he accessed Tea's app data using Firebase, an app development platform. Rahjerdi said he was able to access real-time data until about 4 a.m. ET on July 26.

It's not clear if others had accessed this data with the intent to leak or otherwise use it.

Rahjerdi said Tea "did do a lot of really good security stuff on the code they wrote themselves," describing the company's own API as "very secure."

The problem was that Tea used Firebase to store its data, Rahjerdi said, adding that Tea "didn't do the same work there."

"We are working to identify any users whose personal information was involved and will be offering free identity protection services to those individuals," the Tea spokesperson said.

Tea informed users in the app on Monday that DMs were accessed in the breach, adding that the app's DM feature was "temporarily unavailable." The company also told users in the post that there was an "active investigation involving external cybersecurity experts and the FBI," which was limiting what information Tea could share and when it could do so.

Before news of its data breach broke on Friday, the app had soared to the top spot on the Apple App Store last week. On Monday, it was No. 2 on the chart.

Tea's website says it has a "community of over 4,647,000 women."

In addition to anonymously reviewing men with "red" or "green" flags, the app also lets women seek dating advice and access tools like background checks.

Read the original article on Business Insider
