TeaOnHer, a newly released iOS app encouraging men to upload and share photos and personal details about women they claim to have dated, is already embroiled in a major privacy scandal.
The platform, which went live just days ago, is leaking user information, including driver’s license images, selfies, and contact details, through links that are openly accessible to anyone with a web browser, TechCrunch has confirmed.
The app has quickly shot up the charts to No. 2 in the Lifestyle category, mimicking the format of Tea, a women-focused dating review platform with over six million users. Tea markets itself as a safety tool but has faced controversy over unverifiable claims and, more recently, a massive security lapse that revealed tens of thousands of images, thousands of government IDs, and over a million private messages.
TeaOnHer appears to have repeated the same fundamental mistakes. TechCrunch found that usernames, email addresses, and identity documents from TeaOnHer’s members are left unsecured. One dataset even linked individual posts directly to names, locations, and emails.
The app is tied to Xavier Lampkin, Newville’s founder and CEO, whose own details were found in the leaked data. At the time of the investigation, around 53,000 accounts had been created, meaning tens of thousands of people could be affected. A second flaw exposed an email and plaintext password associated with Lampkin that appeared to grant access to the admin panel, though TechCrunch did not attempt to log in.
The incident points to a broader danger: handing over government-issued IDs for online “verification” is dangerous because once these documents are stored on insecure servers, a single breach can turn them into a permanent liability.
Unlike a password, a passport or driver’s license cannot be easily replaced, and stolen IDs can be used for fraud, identity theft, or to impersonate victims across other platforms. The exposure of such documents, complete with names, addresses, and birthdates, can enable long-term tracking, harassment, and financial crimes that persist long after an app is shut down.
