Emerging Indian social media app Slick left an internal database of users' personal information, including data of school-going children, publicly exposed to the internet for months.
Since at least December 11, a database containing the full names, mobile phone numbers, dates of birth and profile pictures of Slick users had been left online without a password.
Bengaluru-based Slick was launched in November 2022 by former Unacademy executive Archit Nanda after he pivoted away from crypto and shut down his previous startup, CoinMint. His new venture, Slick, is available on Android and iOS and works similarly to Gas, a compliment-based app that is popular in the U.S. The app also lets school and college students talk with and about their friends anonymously.
Security researcher Anurag Sen of CloudDefense.ai found the exposed database and asked TechCrunch to help report the incident to the social media startup. Slick secured the database shortly after TechCrunch made contact on Friday.
Because of a misconfiguration, anyone who knew the database's IP address could access the database, which contained entries for more than 153,000 users at the time it was secured. TechCrunch also found that the database could be accessed through an easy-to-guess subdomain on Slick's main website.
The researcher also informed India's Computer Emergency Response Team, known as CERT-In, the country's lead agency for handling cybersecurity issues.
Nanda confirmed to TechCrunch that Slick fixed the exposure. It is unknown whether anyone other than Sen found the database before it was secured.
Slick attracted many young users in India shortly after its debut last year. Earlier this month, Nanda took to Twitter to announce that the app had exceeded 100,000 downloads.