Indian social media app Slick uncovered childrens' consumer information • TechCrunch

rising Indian social media app Slick left an inside database containing clients’ private information, collectively with information of school-going kids, publicly uncovered to the internet for months.

Since not decrease than December eleven, a database containing full names, mobile numbers, dates of start, and profile footage of Slick clients was left on-line with out a password.

Bengaluru-based mostly Slick launched in November 2022 by former Unacademy authorities Archit Nanda after pivoting from crypto and shutting his earlier startup CoinMint. His latest enterprise, Slick, is supplied on each Android and iOS and works equally to gasoline, a compliments-based mostly app that is frequent in america. The app additionally permits school and school college students to discuss with and about their associates anonymously.

safety researcher Anurag Sen from found the uncovered database, and requested TechCrunch for assist in reporting the incident to the social media startup. Slick secured the database a quick time after TechCrunch reached out on Friday.

ensuing from a misconfiguration, anyone acquainted with the database’s IP deal with might entry the database, which contained entries of over 153,000 clients on the time it was secured. TechCrunch additionally found that the database might presumably be accessed by an simple-to-guess subdomain on Slick’s fundamental internet web site.

The researcher additionally educated the India’s laptop pocket book computer emergency response group, usually acknowledged as CERT-In, the nation’s lead agency for dealing with cybersecurity factors.

Nanda confirmed to TechCrunch that Slick mounted the publicity. It’s not acknowledged if anyone completely different than Sen found the database earlier than it was secured.

Slick attracted many youthful clients in India shortly after debuting final yr. Earlier this month, Nanda took to Twitter to announce that the app crossed one hundred,000 downloads.


Post a Comment