Exposing Driver’s Licenses on TeaOnHer: A Rapid Discovery

In a stunningly quick investigation, we uncovered a significant security lapse on TeaOnHer that exposed users’ driver’s licenses. The entire process, from initial assessment to confirmation, took less than 10 minutes. Here’s how it unfolded.

The Discovery Process

We stumbled upon the potential vulnerability while conducting routine security checks. The ease with which we accessed sensitive information raised immediate concerns.

Initial Assessment

• We started by examining publicly available data related to TeaOnHer’s user data handling practices.
• We identified potential endpoints that might expose user information.

Exploitation

• Using simple techniques, we crafted requests to these endpoints.
• We were shocked to find that some requests returned full driver’s license images.

Timeline

1. Minute 1-3: Initial reconnaissance and endpoint identification.
2. Minute 3-7: Crafting and sending requests.
3. Minute 7-10: Confirmation of driver’s license exposure.

Impact

The exposure of driver’s licenses represents a severe breach of privacy and security. This information can lead to identity theft, fraud, and other malicious activities. Users of TeaOnHer should take immediate steps to protect themselves, such as monitoring their credit reports and enabling identity theft protection services.