Indian startup Yes Madam discloses sensitive data of customers and business employees

Indian house salon platform Sure Madam has uncovered delicate knowledge of its clients and enterprise workers as a result of a server-side misconfiguration.

Primarily based in Noida, Sure Madam operates in additional than 30 cities within the nation, by the way to the corporate’s web site. The platform presents in-home salon providers, together with therapies, therapeutic massage, spa and males’s care. Sure, Madam’s cellular apps have additionally been downloaded over one million occasions.

Nevertheless, the initiative left a database containing the total names, cell phone numbers, postal addresses and electronic mail addresses of a whole bunch of hundreds of Sure Madam clients who’ve been related to the web and not using a password since no less than February 20. The database additionally contained clients’ location knowledge. latitude and longitude values, in addition to cost hyperlinks and consumer machine particulars comparable to mannequin names and IMEI numbers.

Moreover, the initiative has disclosed profile photos, names and cell phone numbers of live performance employees on the platform.

safety researcher Anurag Sen associated to CloudDefense.ai discovered the uncovered database and requested TechCrunch to assist report it to the initiator.

Anybody who is aware of the IP handle of the database can solely entry the info dumped as a result of misconfiguration utilizing their internet browser. Sen mentioned there are greater than 900,000 consumer entries within the database.

Sure, Madam, on Friday, TechCrunch secured the database shortly after the main points had been accessible. Sure, Madam co-founder Mayank Arya confirmed to TechCrunch that it has a repair.

Arya didn’t remark additional when requested if Sure Madam had technical instruments, comparable to logs, to find out if the uncovered knowledge was accessed by another person.

Sen additionally briefed the pc emergency response crew, CERT-In, in regards to the knowledge disclosure, which is India’s main group to deal with cybersecurity points within the nation.