Male-Oriented App ‘TeaOnHer’ Faces Security Vulnerabilities Exposing Users’ Identity Documents
Both the women-only dating app Tea and its male-oriented counterpart TeaOnHer have faced significant security vulnerabilities. While Tea has already been the target of 10 potential class-action lawsuits due to a data breach, TeaOnHer has also revealed similar flaws. The breach led to the exposure of thousands of selfies, ID photos, and private conversations. Legal experts estimate that the financial repercussions for Tea could be severe, with potential damages reaching into the tens of millions. One of the lawsuits includes 4chan and X as defendants, citing their role in enabling hackers to spread users’ private data. Meanwhile, TeaOnHer has also been found to have major security flaws. TechCrunch reports that the app’s vulnerabilities exposed users’ personal information, including photos of their driver’s licenses and other government-issued ID documents. Further investigation revealed that TeaOnHer’s API landing page had no significant security measures, allowing unauthorized access to user data. The app’s server stored sensitive documents in a publicly accessible Amazon S3 cloud server, making them vulnerable to exposure. The bugs were so easy to find that it would be sheer luck if nobody malicious found them before the researchers did. The developers of TeaOnHer, however, refused to say if they had the technical ability to determine if anyone had misused the API. The flaws were discovered when TeaOnHer was the #2 free app in the Apple App Store, highlighting the ongoing privacy risks inherent in apps that demand sensitive information from users. Additionally, the app also had another authentication issue, allowing users to browse profiles before their verifications were complete.