Emerging Indian social media app Slick left an internal database containing customers’ internal most info, including records of school-going teens, publicly uncovered to the records superhighway for months.
Since on the least December 11, a database containing stout names, mobile numbers, dates of beginning, and profile photos of Slick customers was left online with out a password.
Bengaluru-basically basically basically based Slick launched in November 2022 by faded Unacademy government Archit Nanda after pivoting from crypto and closing his earlier startup CoinMint. His most modern endeavor, Slick, is available within the market on each and each Android and iOS and works equally to Gasoline, a compliments-basically basically basically based app that is standard within the United States. The app also permits college and college college students to talk about with and about their friends anonymously.
Safety researcher Anurag Sen from CloudDefense.ai stumbled on the uncovered database, and requested TechCrunch for support in reporting the incident to the social media startup. Slick secured the database a brief time after TechCrunch reached out on Friday.
As a result of a misconfiguration, any individual accustomed to the database’s IP deal with might perhaps presumably internet entry to the database, which contained entries of over 153,000 customers on the time it was secured. TechCrunch also stumbled on that the database will be accessed by a easy-to-wager subdomain on Slick’s major web dwelling.
The researcher also suggested the India’s computer emergency response group, identified as CERT-In, the nation’s lead company for facing cybersecurity issues.
Nanda confirmed to TechCrunch that Slick mounted the exposure. It’s no longer identified if any individual rather than Sen stumbled on the database earlier than it was secured.
Slick attracted many youthful customers in India rapidly after debuting excellent 365 days. Earlier this month, Nanda took to Twitter to remark that the app crossed 100,000 downloads.