What is TeaOnHer and what security issues were discovered?

TeaOnHer is a newly launched application designed for men to share information about women they have allegedly dated, found to expose data of approximately 53,000 users. The app was launched on Apple's App Store by Xavier Lampkin in August 2025 and contains critical security vulnerabilities that allow unauthorized access to personal information.

How popular has the TeaOnHer app become despite its controversial nature?

TeaOnHer has rapidly gained popularity, achieving the number 2 ranking among lifestyle apps on iOS and reaching number 17 across all free applications on the App Store, despite its controversial purpose and significant security vulnerabilities.

What types of personal information are exposed through TeaOnHer's security vulnerabilities?

The security vulnerabilities allow unauthorized access to government-issued driver's licenses, verification selfies, private user communications, usernames and account display names, email addresses, self-reported location information and geographic data, and administrative credentials including plaintext passwords.

How many users are affected by the TeaOnHer data exposure?

The data exposure affects approximately 53,000 users of the TeaOnHer application, whose personal information became accessible through critical security vulnerabilities in the app's infrastructure.

Who discovered the TeaOnHer security vulnerabilities?

TechCrunch security researchers discovered the application's security flaws, including vulnerabilities that enable unauthorized access to user data and the exposure of administrative credentials belonging to the app creator Xavier Lampkin.

What makes the TeaOnHer data exposure particularly concerning?

The exposure is particularly concerning because it includes government-issued identification documents, verification selfies, and private communications of approximately 53,000 users. The compromised data can be viewed using standard web browsers, making personal information easily accessible to malicious actors who obtain direct links to the exposed content.

When was the TeaOnHer app launched and what was its stated purpose?

The TeaOnHer app was launched on Apple's App Store by Xavier Lampkin in August 2025 as a direct response to the popular women-only Tea app. It was designed for men to share information about women they have allegedly dated, creating a controversial platform with significant privacy and security concerns.

Incident

TeaOnHer app, rival to the Tea safety app leaks driver's licenses and personal data of 53,000 users

Q: What administrative security breach was discovered in TeaOnHer?

TechCrunch investigators identified a secondary security vulnerability involving the application creator's administrative credentials. Xavier Lampkin's email address and plaintext password were discovered exposed on the server, potentially granting unauthorized access to the application's administrative control panel.

Q: What concerning content was observed on the TeaOnHer platform?

Investigators observed troubling content including multiple instances of the same explicit images posted under different user names, potentially representing non-consensual sharing of intimate content. Additional posts contain derogatory comments about women and unsubstantiated allegations, highlighting the platform's potential for harassment and defamation.

published: Aug. 8, 2025

Learn More

TeaOnHer, a newly launched application designed for men to share information about women they have allegedly dated is found to expose data of approximately 53,000 users.

The application, launched on Apple's App Store by Xavier Lampkin earlier in August 2025 as a direct response to the popular women-only Tea app. It has rapidly gained popularity despite its controversial nature. TeaOnHer achieved the number 2 ranking among lifestyle apps on iOS and reached number 17 across all free applications.

The security vulnerabilities in the app allow unauthorized access to personal information including:

government-issued driver's licenses,
verification selfies,
private user communications
Usernames and account display names
Email addresses associated with user accounts
Self-reported location information and geographic data
Administrative credentials including plaintext passwords

The data exposure is caused by critical security vulnerabilities in TeaOnHer's application infrastructure that allow unauthorized individuals to access user information without authentication. TechCrunch security researchers discovered that the application contains at least one major security flaw enabling anyone with knowledge of the vulnerabilities to access user data through publicly accessible web addresses. The compromised data can be viewed using standard web browsers, making the personal information easily accessible to malicious actors who obtain the direct links to the exposed content.

TechCrunch investigators also identified a secondary security vulnerability involving the application creator's administrative credentials. Xavier Lampkin's email address and plaintext password were discovered exposed on the server, potentially granting unauthorized access to the application's administrative control panel.

Investigators observed troubling content within TeaOnHer's platform, including multiple instances of the same explicit images posted under different user names, potentially representing non-consensual sharing of intimate content. Additional posts contain derogatory comments about women and unsubstantiated allegations regarding sexually transmitted infections, highlighting the platform's potential for harassment and defamation.

TeaOnHer's development company, Newville Media Corporation, has not responded to multiple attempts by security researchers to report the vulnerabilities or provide official statements about the data exposure.

TeaOnHer app, rival to the Tea safety app leaks driver's licenses and personal data of 53,000 users

Read More
Precisely Software reports data breach exposing unknown number …
Scraped Chess.com user records leaked on hacker forum
Indonesia’s e-visa system leaks personal data of tourists
Cal AI Faces Alleged Data Breach Claims Exposing …
Nintendo allegedly breached by by Crimson Collective hacking …