David Bridges
Tea positions itself as a personal safety dating application specifically designed for women, facilitating anonymous sharing of experiences regarding men they meet. In a twist, a new app named TeaOnHer has surfaced, aiming to empower men to share insights about the women they date. However, just as Tea faced backlash last month for exposing sensitive user information—including phone numbers and personal stories—its counterpart, TeaOnHer, appears to be grappling with similar security vulnerabilities.
uncovered various security flaws within TeaOnHer, which currently ranks as the second most popular lifestyle app on iOS. Despite its flaws, Tea remains the leader in this category. The investigation revealed a significant security loophole that allowed unauthorized access to TeaOnHer user data, including usernames, email addresses, uploaded driver’s licenses, and selfies. Additionally, a troubling second issue was identified, where the email address and plaintext password of Xavier Lampkin, the founder and CEO of the app’s developing company, were left vulnerable. This breach potentially grants access to TeaOnHer‘s admin panel, posing yet another significant security threat.
The comprehensive report at also highlights alarming concerns regarding the content circulated on the app, which included spam posts featuring nude images of women. It remains uncertain how many of the approximately 53,000 users on TeaOnHer could be bots, or if the application was designed for serious use; notably, portions of its description in the iOS App Store mirror the language found in Tea‘s listing almost verbatim.
Brandon Fletcher
