Emerging Indian social media startup Slick exposed for months an internal database storing users’ personal information, including information on school-aged children.
Since at least December 11, a database including the complete names, mobile phone numbers, birth dates, and profile images of Slick members was left unprotected online.
Bengaluru-based Archit Nanda, a former executive at Unacademy, established Slick in November 2022 after turning away from cryptocurrencies and closing his previous firm, CoinMint. His most recent endeavour, Slick, is available on both Android and iOS and functions similarly to Gas, a successful U.S. app based on compliments. The application also enables high school and college students to converse with and about their friends incognito.
Anurag Sen, a security researcher, discovered the unsecured database and requested TechCrunch’s assistance in reporting the matter to the social media startup. Slick protected the database shortly following TechCrunch’s Friday inquiry.
Due to a misconfiguration, anyone with knowledge of the database’s IP address was able to access the database, which had more than 153,000 user entries at the time it was secured. TechCrunch also discovered that the database was accessible via an easily guessed subdomain on Slick’s main website.
The researcher also alerted India’s computer emergency response team, often known as CERT-In, which is the country’s primary cybersecurity body.
Nanda confirmed to TechCrunch that Slick has resolved the vulnerability. It is unknown whether anyone except Sen discovered the database before it was secured.
Upon its debut in India last year, Slick quickly garnered a large number of younger users. Nanda announced on Twitter earlier this month that the app had surpassed 100,000 downloads.
Related Articles:
Ways Parents Can Help Their Children Break Free From Technology Addiction
Google, Microsoft and 15 other technology companies headed by Indian-origin executives