
Lorenzo Franceschi-Bicchierai
@lorenzofb@infosec.exchange

NEW: Here's how @zackwhittaker.com found that TeaOnHer was spilling the personal data of its users — including photos of drivers' licenses — on the internet, for all to see.

The security issues were so trivial all it took him was around ten minutes.

The result is that anyone could have scraped all the users' IDs just by looking around the app's API.

https://techcrunch.com/2025/08/13/how-we-found-teaonher-spilling-users-drivers-licenses-in-less-than-10-minutes/


Lorenzo Franceschi-Bicchierai
@lorenzofb@infosec.exchange

What's worse, when Zack reached out to the app's developer, he initially dismissed the concerns.

“You must have us confused with ‘the Tea app’,” referring to the dating safety app for women that his app was trying to replicate (but for men.) Then he quietly fixed the issues and ghosted us.

https://techcrunch.com/2025/08/13/how-we-found-teaonher-spilling-users-drivers-licenses-in-less-than-10-minutes/