Overview
- Security researchers say trivial API flaws in TeaOnHer exposed thousands of driver’s licenses, selfies, emails and private messages until a fix was deployed roughly one week after TechCrunch’s disclosure.
- The app’s developer, Newville Media Corporation, has neither commented publicly on the breach nor indicated that affected users have been notified, raising transparency and accountability concerns.
- The original Tea app continues to cooperate with an FBI inquiry and consolidated class-action litigation after earlier leaks of about 72,000 ID images and 1.1 million messages forced it to disable direct messaging.
- Privacy advocates and security experts warn that the rapid, copycat launches of both Tea and TeaOnHer highlight systemic risks from virality-driven development and insufficient data controls.
- Questions are growing about compliance with Apple App Store disclosure rules after TeaOnHer required government ID verification while its listing claimed no user data collection.