@lorenzofb@infosec.exchange
NEW: Here's how @zackwhittaker.com found that TeaOnHer was spilling the personal data of its users - including photos of drivers' licenses - on the internet, for all to see.
The security issues were so trivial all it took him was around ten minutes.
The result is that anyone could have scraped all the users' IDs just by looking around the app's API.
https://techcrunch.com/2025/08/13/how-we-found-teaonher-spilling-users-drivers-licenses-in-less-than-10-minutes/
@lorenzofb@infosec.exchange
What's worse, when Zack reached out to the app's developer, he initially dismissed the concerns.
"You must have us confused with 'the Tea app'," referring to the dating safety app for women that his app was trying to replicate (but for men.) Then he quietly fixed the issues and ghosted us.
https://techcrunch.com/2025/08/13/how-we-found-teaonher-spilling-users-drivers-licenses-in-less-than-10-minutes/