Emerging Indian social media app Slick left an internal database containing users’ personal information, including data of school-going children, publicly exposed to the internet for months.
Since at least December 11, a database containing full names, mobile numbers, dates of birth, and profile pictures of Slick users was left online without a password.
Bengaluru-based Slick launched in November 2022 by former Unacademy executive Archit Nanda after pivoting from crypto and closing his earlier startup CoinMint. His latest venture, Slick, is available on both Android and iOS and works similarly to Gas, a compliments-based app that is popular in the United States. The app also allows school and college students to talk with and about their friends anonymously.
Security researcher Anurag Sen from CloudDefense.ai found the exposed database, and asked TechCrunch for help in reporting the incident to the social media startup. Slick secured the database a short time after TechCrunch reached out on Friday.
Due to a misconfiguration, anyone familiar with the database’s IP address could access the database, which contained entries of over 153,000 users at the time it was secured. TechCrunch also found that the database could be accessed by an easy-to-guess subdomain on Slick’s main website.
The researcher also informed the India’s computer emergency response team, known as CERT-In, the country’s lead agency for handling cybersecurity issues.
Nanda confirmed to TechCrunch that Slick fixed the exposure. It’s not known if anyone other than Sen found the database before it was secured.
Slick attracted many younger users in India shortly after debuting last year. Earlier this month, Nanda took to Twitter to announce that the app crossed 100,000 downloads.
It’s time to start changing your passwords assword manager giant LastPass has confirmed that cybercriminals stole its customers’ encrypted password vaults, which store its customers’ passwords and other secrets, in a data breach earlier this year. In an updated blog post on its disclosure, LastPass CEO Karim Toubba said the intruders took a copy of […]
Twitter’s direct messages have always been a security liability. The DMs you send to friends and internet strangers aren’t end-to-end encrypted, making your conversations potentially accessible if Twitter suffers a data breach, or to company staffers with the right permissions to access them. Both scenarios are arguably more likely in Elon Musk’s version of Twitter, where key security and […]
Hawk AI, a German company developing anti-money laundering (AML) and tangential fraud prevention smarts for financial institutions, has raised $17 million in a Series B round of funding. Prior to now, Hawk AI had raised $10 million, and with a fresh $17 million in the bank, the company said that it plans to bolster its product […]
Leave a Reply