Indian social media app Slick exposes children’s user data TechCrunch

Rising Indian social media app Slippery It left an inside database of customers’ private data, together with knowledge from school-going kids uncovered to the web for months.

Since at the very least December 11, a database of Slick customers’ full names, cell phone numbers, dates of start, and profile footage has been left on-line with no password.

Bengaluru-based Slick was launched in November 2022 by former Unacademy govt Archit Nanda after he turned from crypto and shut down his earlier enterprise, CoinMint. Its newest enterprise, Slick, works equally to Fuel, a compliment-based app accessible on each Android and iOS and common in america. The app additionally permits faculty and faculty college students to speak to and about their pals anonymously.

safety researcher Anurag Sen from CloudDefense.ai discovered the uncovered database and requested TechCrunch to report the incident to the social media initiative. Slick secured the database shortly after TechCrunch reached out on Friday.

As a result of a misconfiguration, anybody who knew the IP handle of the database may entry the database, which contained entries from greater than 153,000 customers on the time it was secured. TechCrunch additionally discovered that the database may very well be accessed by an easy-to-guess subdomain on Slick’s primary web site.

The researcher additionally briefed the pc emergency response workforce often called CERT-In, India’s main group to handle cybersecurity points.

Nanda confirmed to TechCrunch that Slick fastened the publicity. It’s unknown if anybody apart from Sen discovered the database earlier than it was secured.

Slick caught the eye of many younger customers in India shortly after debuting final yr. Earlier this month, Nanda took to Twitter. announce that the app has exceeded 100,000 downloads.