Emerging Indian social media application Slick still left an inside databases made up of users’ personalized facts, like data of faculty-likely little ones, publicly uncovered to the internet for months.
Considering that at the very least December 11, a databases containing complete names, cellular quantities, dates of start, and profile pictures of Slick users was still left online devoid of a password.
Bengaluru-primarily based Slick released in November 2022 by previous Unacademy govt Archit Nanda right after pivoting from crypto and closing his before startup CoinMint. His latest enterprise, Slick, is accessible on both equally Android and iOS and operates in the same way to Fuel, a compliments-dependent app that is well-liked in the United States. The app also allows school and faculty students to discuss with and about their mates anonymously.
Protection researcher Anurag Sen from CloudDefense.ai identified the exposed databases, and questioned TechCrunch for enable in reporting the incident to the social media startup. Slick secured the database a short time immediately after TechCrunch reached out on Friday.
Owing to a misconfiguration, any individual common with the database’s IP address could access the databases, which contained entries of around 153,000 people at the time it was secured. TechCrunch also found that the database could be accessed by an simple-to-guess subdomain on Slick’s key web site.
The researcher also educated the India’s pc crisis response staff, known as CERT-In, the country’s lead company for handling cybersecurity concerns.
Nanda verified to TechCrunch that Slick fastened the publicity. It is not acknowledged if any person other than Sen located the database just before it was secured.
Slick captivated many younger customers in India soon after debuting very last calendar year. Previously this thirty day period, Nanda took to Twitter to announce that the app crossed 100,000 downloads.