

How we found TeaOnHer spilling users’ driver’s licenses in less than 10 minutes
Aug 14, 2025
A dating gossip app is under fire for exposing thousands of users' sensitive information, including scans of driver's licenses. The security failures behind this breach highlight significant privacy risks in applications handling personal data. CEO Xavier Lampkin remains tight-lipped about notifying affected users, raising concerns over accountability. The discussion delves into the implications of such leaks and what it means for privacy in the digital age.
AI Snips
Sensitive ID Collection Exposed
- TeaOnHer collected highly sensitive identity documents, including driver's licenses, during sign-up.
- Exposed backend infrastructure made those documents discoverable without authentication.
Regulation Increases Data Risk
- Age-verification laws are pushing more services to collect identity documents, increasing aggregated privacy risk.
- Centralized storage of IDs creates attractive high-value targets for attackers and multiplies harm.
Discovery In Under Ten Minutes
- TechCrunch found the app's API landing page and admin credentials exposed in plain text within minutes.
- The API docs revealed unauthenticated endpoints that returned user records and links to ID photos stored publicly on S3.