‘Tea’ troubles: Clone app for men to report on women is leaking data, too

An app for men to share information about women they’ve allegedly dated has left its users’ personal information exposed online. News of the leak comes days after the women-only site the app mimicked, Tea, reported a significant data breach.

TeaOnHer, released just this week, has exposed the usernames, email addresses, driver’s licenses, self-reported locations and selfies of users. All are publicly accessible through a web browser.

TechCrunch first reported the data exposure.

App developer affected

TeaOnHer, which has about 53,000 users, was published on the iOS app store by a developer named Newville Media Corp. According to TechCrunch, the company’s LinkedIn page lists the CEO as Xavier Lampkin.

An exposed server examined by TechCrunch showed that the leak has even affected Lampkin, whose email address and plaintext password were present. It’s believed that the credentials could allow a malicious actor to gain access to the app’s admin panel.

TechCrunch did not receive a response after attempting to contact TeaOnHer about the exposed data.

TeaOnHer is currently the second-most popular app in the iOS store’s lifestyle category and is No. 17 among all free apps.

Tea’s troubles

TeaOnHer emerged following the success of Tea, an app that allows women to share anonymous reviews of men, which gained widespread online attention. Men discussed on the app claimed they could suffer reputational harm based on unverified allegations.

A user of the controversial imageboard 4chan discovered that more than 72,000 sensitive images from Tea were exposed on a misconfigured database. The images were distributed on 4chan and on the social media platform X.

A security researcher soon discovered that Tea, which is said to have more than 6 million users, also left more than 1 million direct messages exposed. The app then turned off its messaging feature.

The two security incidents led to a class-action lawsuit against Tea, 4chan and X.

Ella Rae Greene, Editor In Chief

Ella Greene

Ella and the staff at Clear Media Project (CMP) curate these articles.
Unless otherwise noted CMP does not write these articles.
The views, thoughts, and opinions expressed in the articles published on this blog belong solely to the original authors and do not necessarily reflect the views of the blog owner. The blog owner does not claim ownership of the content shared by contributors and is not responsible for any inaccuracies, errors, or omissions.

All rights and credits goes to its rightful owners. No Copyright Infringement is intended. If you believe any content infringes on your rights, please contact us for review and potential removal.

See author's posts