
Rising Indian social media app Slick left an internal database containing users’ personal information, including data of school-going children, publicly exposed to the internet for months.
Since at least December 11, a database containing full names, mobile numbers, dates of birth, and profile pictures of Slick users was left online without a password.
Bengaluru-based Slick was launched in November 2022 by former Unacademy executive Archit Nanda after he pivoted from crypto and shut his earlier startup, CoinMint. His newest venture, Slick, is available on both Android and iOS and works similarly to Gasoline, a compliments-based app that’s popular in the United States. The app also allows school and college students to talk with and about their friends anonymously.
Security researcher Anurag Sen from CloudDefense.ai found the exposed database and asked TechCrunch for help in reporting the incident to the social media startup. Slick secured the database shortly after TechCrunch reached out on Friday.
Because of a misconfiguration, anyone who knew the database’s IP address could access the database, which contained entries for over 153,000 users at the time it was secured. TechCrunch also found that the database could be accessed through an easy-to-guess subdomain on Slick’s main website.
The researcher also informed India’s computer emergency response team, known as CERT-In, the country’s lead agency for handling cybersecurity issues.
Nanda confirmed to TechCrunch that Slick fixed the exposure. It’s not known whether anyone other than Sen found the database before it was secured.
Slick attracted many younger users in India shortly after debuting last year. Earlier this month, Nanda took to Twitter to announce that the app had crossed 100,000 downloads.