An app for men to share information about women they’ve allegedly dated has left its users’ personal information exposed online. News of the leak comes days after the women-only site the app mimicked, Tea, reported a significant data breach.
TeaOnHer, released just this week, has exposed the usernames, email addresses, driver’s licenses, self-reported locations and selfies of users. All are publicly accessible through a web browser.
TechCrunch first reported the data exposure.
App developer affected
TeaOnHer, which has about 53,000 users, was published on the iOS app store by a developer named Newville Media Corp. According to TechCrunch, the company’s LinkedIn page lists the CEO as Xavier Lampkin.
An exposed server examined by TechCrunch showed that the leak has even affected Lampkin, whose email address and plaintext password were present. It’s believed that the credentials could allow a malicious actor to gain access to the app’s admin panel.
TechCrunch did not receive a response after attempting to contact TeaOnHer about the exposed data.
TeaOnHer is currently the second-most popular app in the iOS store’s lifestyle category and is No. 17 among all free apps.
Tea’s troubles
TeaOnHer emerged following the success of Tea, an app that allows women to share anonymous reviews of men, which gained widespread online attention. Men discussed on the app claimed they could suffer reputational harm based on unverified allegations.
A user of the controversial imageboard 4chan discovered that more than 72,000 sensitive images from Tea were exposed on a misconfigured database. The images were distributed on 4chan and on the social media platform X.
A security researcher soon discovered that Tea, which is said to have more than 6 million users, also left more than 1 million direct messages exposed. The app then turned off its messaging feature.
The two security incidents led to a class-action lawsuit against Tea, 4chan and X.
Author: Alan Judd
This content is courtesy of, and owned and copyrighted by, https://straightarrownews.com and its author.