The Viral 'Tea' App Just Had a Second Data Breach, and It's Even Worse

Last week, the two-year-old social media app Tea, which functions as a Yelp-style platform where women can anonymously rate and review real men who can neither access the app nor respond, experienced an intense moment of virality that rocketed it to the top of the most-downloaded list on Apple's App Store. But within days, it faced a major data breach that leaked years-old user data. And now there are reports of a second breach, and it's even worse.

Reps for the app said last week that the data that leaked was about two years old, and that no information related to users who joined more recently appeared to be included. But according to a new report from 404 Media, the second incursion leaked direct messages and other data from as recently as last week.

The second data breach included more recent information

According to 404 Media's report, an independent security researcher named Kasra Rahjerdi reported the second breach, noting "it was possible for hackers to access messages between [Tea] users discussing abortions, cheating partners, and phone numbers they sent to one another." This breach appears to be of a separate database, not the same one that was at issue last week, and this database stored much more recent information.

In last week's breach, hackers were able to view and disseminate user verification images—including photos of driver's licenses—that were submitted when women signed up for the service. At the time, a spokesperson for Tea Dating Advice, Inc. confirmed to me that the app, "identified unauthorized access to one of [its] systems and immediately launched a full investigation to assess the scope and impact." The initial results of this effort suggested, "the incident involved a legacy data storage system containing information from over two years ago. Approximately 72,000 images—including approximately 13,000 images of selfies and photo identification submitted during account verification and 59,000 images publicly viewable in the app from posts, comments, and direct messages—were accessed without authorization." The representative added, "At this time, there is no evidence to suggest that current or additional user data was affected."

In the wake of this new information, I reached out to Tea again today. The spokesperson said they have no additional comment at this time.

What the breach may mean

In its report, 404 Media makes clear that this security issue was noticed and flagged by an independent researcher—but there's no way of knowing who else may have discovered it and not taken the info to the media. The outlet was able to confirm that the database included private, potentially sensitive information about not only the women who were chatting within the app, but the men they were discussing. Some women shared phone numbers and private details of their interactions with men and made accusations about the men's conduct. While Tea encourages users to create anonymous usernames, 404 Media reported it wasn't hard to tie at least a few of the messages back to real-life people.

What does this mean for users of the app? At this point, it's impossible to say whether anyone else has gotten ahold of this information, or if it has been uploaded anywhere online. But the information that was accessible is quite private and, given that Tea users are assured of the anonymity of the app, the news is understandably upsetting for anyone who may have shared intimate details using the app.

What you need to know about Tea

If this is the first you're hearing about Tea, congratulations, because that means you aren't as terminally online as I am. I hope you had a nice weekend doing all kinds of real-life activities. But whether you know a lot, a little, or nothing about Tea, allow me to give you a rundown on the ill-fated app.

As noted, Tea is a Yelp-style social media app that only women can join. To do so, users must send in a verification photo that proves they are a woman (although it's still unclear how that works, and what the implications are for LGBTQ+ or gender non-conforming people who may want to sign up). Once approved, users can search for men by name, find ones they know, and leave comments about them. Users can also simply append a "red flag" or "green flag" reaction to a man. The volume of red or green flags is meant to show any other women looking him up whether he's a good guy or a bad guy. Like a Rotten Tomatoes score, there is very little room for nuance on here.

In theory, men can't access the app, so they have no recourse if they're drowning in red flags and warnings on Tea. In fact, they may not realize they have a page dedicated to them on the app at all. That's notable, given that Tea announced last week that it had received more than 2.5 million new requests to join the app—meaning a man's profile is potentially visible to millions of women, whether he even realizes it exists.

Granted, you could argue that if someone doesn't want to be branded a "red flag man," they should act more like a "green flag man." But the lack of any kind of due process could certainly lead to major reputational damage for men who may or may not deserve it. Though the app's tagline is "Dating safely for women" and it advertises that users can "run background checks," "identify potential catfish," and "verify he's not a sex offender," among other things, the ability to anonymously leave comments about men is a major draw—and, if used nefariously to defame someone who doesn't deserve it, a major drawback.

I certainly acknowledge that warning women of abusers, violent men, and cheaters is a good, safe thing to do and that anonymously rating people and not having to provide any proof of the accusations you're publicly making against them is potentially a very bad thing. And inarguably, the fact that thousands of women's photos and private messages were stored in such an insecure way by Tea that they have been exposed in multiple data breaches is definitely a very bad thing. No one is winning here.