"Met boomers with more complicated passwords": Netizens react to TeaOnHer App fiasco as multiple users suffer data breach
-
TeaOnHer (Photo: teaonher.com)A male version of the Tea app, the TeaOnHer app, recently suffered a data breach. According to a Wednesday, August 6, 2025, article by TechCrunch, it contained a security flaw that allowed anyone to access user data, including usernames, emails, and any identity verification documents and selfies uploaded.
For context, the application was conceptualized as a rebuttal to the viral Tea app, which was marketed as a women's safety tool. Much like the latter app, TeaOnHer promised to help men "date safe" by allowing them to share information about women, including "red flags, safety concerns, and positive experiences." It was the second most downloaded one on the App Store this week.
Notably, according to X user @Pirat_Nation, the admin password for the app was set as Password1.
TeaOnHer, the men-only version of Tea that reached #2 on the US App Store, has suffered a similar data breach, with users’ personal information, IDs, and selfies leaking online pic.twitter.com/oQKkjGMVHp
— FearBuck (@FearedBuck) August 14, 2025Needless to say, as news of the data breach went viral, internet users were quick to react. One wrote:
"I've met boomers with more complicated passwords. What even?"
Many called out the app for being a phishing scam (deceiving people into revealing sensitive information).
"You're telling me the phishing scam has bad security?" one sarcastically questioned.
"if you use any of these apps u kinda deserve it," another chimed in.
"Bro I downloaded the app just to have a good laugh & let me repeat if any app asks for your Drivers License, Passport, State ID or Military ID as “verification” upon registration it’s an obvious scam & potential data breach waiting to happen," a person commented.
Here are some more comments:
"they made fun of women for uploading their faces and ids just to do the same," one joked.
"Yes way... It is scary how many unsecure passwords are all around in use..." another added.
"CIA doing generational numbers this summer," a user quipped.
According to TechCrunch, they could access TeaOnHer users’ documents within 10 minutes
According to the Independent, a week after TechCrunch exposed the TeaOnHer data breach, the publication revealed they could access users’ documents within 10 minutes using minimal effort due to a fault in its public-facing backend system, a.k.a. its API.
Notably, any unauthorized person could access the "admin panel" of the app. Per the outlet, the flaw has since been resolved.
Meanwhile, the company behind TeaOnHer, Newville Media Corporation, has offered no public comment on the development.
Notably, there is no indication that they alerted users whose data might have been leaked. Per the outlet, the brand has little to no web presence, and any emails to their publicly accessible email ID immediately bounce back. Its CEO, Xavier Lampkin, too, has reportedly been silent.
Eva Galperin, director of cybersecurity at the Electronic Frontier Foundation, took to their Bluesky account to write:
"It turns out that the kind of people who write and launch an app in less than two weeks are not the kind of people who feel the need to implement secure coding practices and strong privacy protections for the sensitive user data they ask you to upload."
Per TechCrunch, TeaOnHer also falsely claims to not collect user data. Notably, to sign on to the application, all users have to submit their government ID verifications.
Further, the App Store's rules dictate all makers identify the data collected.
Much like TeaOnHer, the Tea app, too, faced a security breach last month. The developers initially noted that only the data of users who joined before February 2024 had been leaked and that the issue had been resolved.
However, it faced a second hack, which leaked private messages of its current clients. This prompted them to temporarily turn off its direct messages.