{"id":683720,"date":"2025-08-07T06:40:19","date_gmt":"2025-08-07T03:40:19","guid":{"rendered":"https:\/\/buradabiliyorum.com\/en\/a-rival-tea-app-for-men-is-leaking-its-users-personal-data-and-drivers-licenses\/"},"modified":"2025-08-07T06:40:19","modified_gmt":"2025-08-07T03:40:19","slug":"a-rival-tea-app-for-men-is-leaking-its-users-personal-data-and-drivers-licenses","status":"publish","type":"post","link":"https:\/\/buradabiliyorum.com\/en\/a-rival-tea-app-for-men-is-leaking-its-users-personal-data-and-drivers-licenses\/","title":{"rendered":"A rival Tea app for men is leaking its users’ personal data and driver’s licenses"},"content":{"rendered":"
\n

TeaOnHer, an app<\/a> designed for men to share photos and information about women they have supposedly dated, has exposed users\u2019 personal information, including government IDs and selfies, TechCrunch can confirm.<\/p>\n

The app, which launched on the Apple App Store earlier this week, is a response to another viral app Tea that allows women to post about the men they date. Tea is advertised as a women\u2019s safety app with more than 6 million users that is similar to \u201cAre we dating the same guy?<\/a>\u201d Facebook<\/a> networks. However, the app is controversial, since many of the claims that women post cannot be verified.<\/p>\n

The backlash surrounding Tea escalated last week, after 404 Media reported 4chan users retaliated by discovering a publicly exposed database<\/a> belonging to the app, which revealed over 72,000 images, including thousands of selfies and photo IDs submitted for account verification. A subsequent hack<\/a> exposed more than 1 million private messages sent over the app, prompting the app to disable its messaging feature.<\/p>\n

TeaOnHer, which is now ranked No. 2 among Lifestyle apps on iOS, appears to be a direct rebuttal to the Tea app, even copying the language from Tea\u2019s App Store description in its own listing.\u00a0<\/p>\n

But like the app it sought to emulate, TeaOnHer contains security flaws of its own.<\/p>\n

TechCrunch has found at least one security flaw that allows anyone access to data belonging to TeaOnHer app users, including their usernames and associated email addresses, as well as driver\u2019s licenses and selfies that users uploaded to TeaOnHer. Images of these driver\u2019s licenses are publicly accessible web addresses, allowing anyone with the links to access them using their web browser.<\/p>\n

In one case, TechCrunch saw a list of posts shared on TeaOnHer appended with each user\u2019s email address, display name, and self-reported location.<\/p>\n

TechCrunch is withholding some of the details of the bugs so as to not help malicious actors access anyone\u2019s data. The app\u2019s maker did not respond to emails from TechCrunch asking who we can report the flaws to. As such, TechCrunch is publishing this report with limited details of the issue, given the app\u2019s current popularity and the risk faced with using the app.<\/p>\n

TeaOnHer was uploaded to the iOS App Store by a developer named Newville Media Corporation. According to LinkedIn, the founder and CEO of this company is Xavier Lampkin.\u00a0<\/p>\n

TechCrunch identified at least one TeaOnHer record associated with Lampkin\u2019s own data.<\/p>\n

The security lapse will likely affect any user who signed up or shared identity documents with the app. The bug also exposes the number of users the TeaOnHer app has, which is about 53,000 users at the time of publication.<\/p>\n

TechCrunch also identified a potential second security issue, in which an email address and plaintext password belonging to the app\u2019s creator, Lampkin, was left exposed on the server. The credentials appear to grant access to the app\u2019s \u201cadmin\u201d panel. TechCrunch did not use the credentials, as doing so would be unlawful, but highlights the risks of inadvertently leaving admin credentials exposed to the web.<\/p>\n

Along with its security flaws, the content portrayed within TeaOnHer is troubling in itself. While the app requests IDs and selfies from its users to verify their identities \u2014 a process that is not automatic \u2014 users can access a \u201cguest\u201d view of the app without signing in.\u00a0<\/p>\n

Immediately upon opening \u201cguest\u201d view, TechCrunch saw several images of the same naked woman, posted under different names in a form of spam. It is not clear if this woman consented to this photo being shared. Other posts share the photos and names of women, alongside comments calling them \u201ceasy,\u201d or accusing them of spreading sexually transmitted infections.<\/p>\n

Across all free apps, TeaOnHer is ranked No. 17, higher than apps like Instagram, Netflix, Uber, and Spotify. Tea is currently ranked No. 2.<\/p>\n<\/div>\n

If you liked the article, do not forget to share it with your friends. Follow us on\u00a0Google News<\/a><\/span>\u00a0too, click on the star and choose us from your favorites.<\/span><\/strong><\/p><\/blockquote>\n

\n

If you want to read more like this article, you can visit our Technology<\/a><\/span> category.<\/strong><\/p>\n<\/blockquote>\n

Source<\/a><\/span><\/p>\n","protected":false},"excerpt":{"rendered":"

TeaOnHer, an app designed for men to share photos and information about women they have supposedly dated, has exposed users\u2019 personal information, including government IDs and selfies, TechCrunch can confirm. The app, which launched on the Apple App Store earlier this week, is a response to another viral app Tea that allows women to post…<\/p>\n","protected":false},"author":1,"featured_media":683721,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/techcrunch.com\/wp-content\/uploads\/2025\/08\/teaonher.jpg?resize=1200,675","fifu_image_alt":"","footnotes":""},"categories":[18],"tags":[15047,158040,70375,157960,61594,158041,146521,72287,76166],"class_list":["post-683720","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-technology","tag-privacy","tag-apple-app-store","tag-cybersecurity","tag-data-protection","tag-exclusive","tag-identity-verification","tag-know-your-customer","tag-security","tag-tea"],"_links":{"self":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/683720","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/comments?post=683720"}],"version-history":[{"count":0,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/683720\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media\/683721"}],"wp:attachment":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media?parent=683720"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/categories?post=683720"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/tags?post=683720"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}