Emerging Indian social networks app Slick left an internal database consisting of users’ individual details, consisting of information of school-going kids, openly exposed to the web for months.
Since a minimum of December 11, a database including complete names, mobile numbers, dates of birth, and profile photos of Slick users was left online without a password.
Bengaluru-based Slick released in November 2022 by previous Unacademy executive Archit Nanda after rotating from crypto and closing his earlier start-up CoinMint. His most current endeavor, Slick, is offered on both Android and iOS and works likewise to Gas, a compliments-based app that is popular in the United States. The app likewise enables school and university student to talk with and about their buddies anonymously.
Security scientist Anurag Sen from CloudDefense.ai discovered the exposed database, and asked TechCrunch for aid in reporting the event to the social networks start-up. Slick protected the database a brief time after TechCrunch connected on Friday.
Due to a misconfiguration, anybody acquainted with the database’s IP address might access the database, which consisted of entries of over 153,000 users at the time it was protected. TechCrunch likewise discovered that the database might be accessed by an easy-to-guess subdomain on Slick’s primary site.
The scientist likewise notified the India’s computer system emergency situation reaction group, called CERT-In, the nation’s lead firm for dealing with cybersecurity problems.
Nanda validated to TechCrunch that Slick repaired the direct exposure. It’s not understood if anybody besides Sen discovered the database prior to it was protected.
Slick brought in numerous more youthful users in India soon after debuting in 2015. Previously this month, Nanda required to Twitter to reveal that the app crossed 100,000 downloads.