App 'Tea' Faces New Rival 'TeaOnHer' Both Hit By Data Breaches
New Rival App TeaOnHer Stirs Backlash—And Now Both Dating Platforms Are Facing Data Breaches - Page 2
The rapidly growing dating app Tea Dating Advice (Tea for short), which lets women anonymously share reviews, red flags, and personal stories about men they’ve dated or interacted with, now has a competitor in the market. However, things aren’t going smoothly for the new male-only app, TeaOnHer, as both platforms have recently fallen victim to a data breach, with hackers stealing user information over the past week.
As reported by Cosmopolitan, TeaOnHer was launched earlier this month by Newville Media Corporation, offering men the chance to share their experiences with women they’ve dated. But unlike Tea, where women focus on safety concerns—such as sharing information about sex offenders or men with a history of domestic violence—the new app has been criticized for hosting posts that seem to focus more on petty complaints about women, as mentioned by Cosmopolitan‘s Annabel Iwegbu.
She noted that “Most posts read more like generic misogynistic complaints about women, the same kind you can find on any other social platform—just not with a person’s picture, age, and legal first name attached.”
While TeaOnHer was designed to help men spot red flags, offer safety tips, and exchange stories, TikTok star Christal Luster remarked that the app feels less like a tool for men to learn about safe dating practices and more like a platform for “retaliation” against women.
“My thing is, don’t y’all already do this in the group chat, in the locker, and the internet?” Luster said bluntly.
RELATED CONTENT: Spill The ‘Tea’ — This Women-Only App Is Exposing Men You Should Avoid
The social media star wasn’t afraid to share her thoughts about Tea, too. It seems, she noted, that many users on the app are more focused on “drama” and “gossip” than engaging in constructive conversations about safe and healthy relationships for women in today’s #MeToo climate, particularly after the app climbed to the No. 1 spot in the Apple Store in July.
Tea and TeaonHer were hit by major data breaches.
Both Tea and TeaOnHer are facing serious legal troubles, as issues have escalated over the past two weeks. According to NBC News, Tea, which launched in 2023, has been hit with 10 potential class-action lawsuits in both federal and state courts following two major data breaches: one that occurred on July 25 and another that attacked the app on July 29.
In the first breach, nearly 72,000 images, including selfies and government IDs submitted by users for verification purposes, were exposed. Around 59,000 of those images were shared along with private conversations, posts, and comments shared by users on the app. The second breach exposed more than “1.1 million user direct messages, spanning from early 2023 to last month,” NBC News noted.
The lawsuits accuse Tea of negligence in handling user data and violating its contractual obligations to users. Legal experts suggest that the lawsuits could result in Tea being forced to pay tens of millions of dollars in damages, a blow that could prove devastating for the company.
Meanwhile, TeaOnHer is also facing a wave of legal scrutiny. On Aug. 13, TechCrunch reported that the app had significant security vulnerabilities that exposed users’ personal data, including sensitive documents like driver’s licenses, selfies, emails, and other government-issued IDs used for verification during signup. The leak reportedly occurred sometime between Aug. 4 and Aug. 6.
TechCrunch reported that a major flaw in the app’s API landing page was identified, which contained detailed documentation that allowed anyone—whether a regular user or an app administrator—to perform unauthorized actions on the app’s backend server. The documentation, powered by a tool called Swagger UI, essentially laid out a “master list” of commands, including those for creating new users, verifying identity documents, and moderating content, the outlet noted. Most concerning was the ability to query the app’s backend and pull user data without any authentication, meaning that sensitive information could be accessed by anyone with the technical know-how, without the need for passwords or credentials.
While it’s common for developers to publish API documentation, the issue here was that some of these commands could be executed without proper security measures, putting users’ private data at significant risk. This flaw was publicly visible, making it even more alarming that the data was so easily accessible.
“The records returned from TeaOnHer’s server contained users’ unique identifiers within the app (essentially a string of random letters and numbers), their public profile screen name, and self-reported age and location, along with their private email address,” TechCrunch reported. “The records also included web address links containing photos of the users’ driver’s licenses and corresponding selfies.”
The data breach point has since been fixed on TeaOnHer, according to the Tribune, and Tea has launched an investigation into the leak that exploded on their app, NPR noted.
“As part of our ongoing investigation into the cybersecurity incident involving the Tea App, we learned that some direct messages (DMs) were accessed as part of the initial incident,” a representative from the company said in a statement. “Out of an abundance of caution, we have taken the affected system offline. At this time, we have found no evidence of access to other parts of our environment.”
The company stated that only users who registered before February 2024 were impacted.
RELATED CONTENT: Burned Out By Dating Apps? More Singles Are Paying Thousands To Find Love
