Indian social media app Slick has released child user data

Indian social media pop-up app Slippery has left behind an internal database of users’ personal data, including data on schoolchildren, which has been publicly exposed on the internet for months.

Since at least December 11, a database of full names, mobile phone numbers, dates of birth and profile photos of Slick users has been maintained online without a password.

Bengaluru-based Slick was launched in November 2022 by former Unacademy executive Archit Nanda after he left the cryptocurrency and shut down his previous startup CoinMint. His latest adventure, Slick, is available for Android and iOS and works similarly to Gas, a popular compliments app in the US. The app also allows students to chat anonymously with and about their friends.

security researcher anurag sen found the exposed database and asked TechCrunch for help reporting the incident to the social media startup. Slick backed up the database shortly after being contacted by TechCrunch on Friday.

A misconfiguration allowed anyone familiar with the database’s IP address to access the database, which at the time of the backup contained data for more than 153,000 users. TechCrunch also found that the database was accessible through an easy-to-guess subdomain on Slick’s main website.

The researcher also briefed India’s computer emergency response team known as CERT-In, the country’s main agency for dealing with cybersecurity issues.

Nanda confirmed to TechCrunch that Slick corrected the disclosure. It is unknown if anyone other than Sen found the database before it was backed up.

Slick attracted much younger users in India shortly after its debut last year. Earlier this month, Nanda took to Twitter to announce that the app has been downloaded more than 100,000 times.

Source: La Neta Neta

follow:
\