Rising Indian social media app Slick left an internal database containing users’ personal information, including data of school-going children, publicly exposed to the internet for months.
Since at least December 11, a database containing full names, mobile numbers, dates of birth, and profile pictures of Slick users was left online without a password.
Bengaluru-based Slick was launched in November 2022 by former Unacademy executive Archit Nanda after pivoting from crypto and closing his earlier startup CoinMint. His latest venture, Slick, is available on both Android and iOS and works similarly to Gas, a compliments-based app that is popular in the United States. The app also allows school and college students to chat with and about their friends anonymously.
Security researcher Anurag Sen from CloudDefense.ai found the exposed database, and asked TechCrunch for help in reporting the incident to the social media startup. Slick secured the database a short time after TechCrunch reached out on Friday.
Due to a misconfiguration, anyone who knew the database’s IP address could access the database, which contained entries of about 153,000 users at the time it was secured. TechCrunch also found that the database could be accessed through an easy-to-guess subdomain on Slick’s main website.
The researcher also informed India’s computer emergency response team, known as CERT-In, the country’s lead agency for handling cybersecurity issues.
Nanda confirmed to TechCrunch that Slick fixed the exposure. It is not known if anyone other than Sen found the database before it was secured.
Slick attracted many younger users in India soon after debuting last year. Earlier this month, Nanda took to Twitter to announce that the app crossed 100,000 downloads.