Indian social media app Slick exposes user data of minors
Bengaluru-based social media app Slick has placed the safety of its users, including school-going children, at risk. According to a TechCrunch report, the company left an internal database containing the full names, birthdays, mobile numbers, and profile pictures of its users exposed online without a password. The database had been visible since at least December 11 last year, but it has now been secured.
Why does this story matter?
In today's world, where everyone is online, a data breach is a serious threat to our security. Companies and institutions across the world have suffered such breaches time and again, be it tech giants like Meta or Indian Railways back home. Start-ups that deal with minors need to be even more careful and invest in top-notch cybersecurity solutions.
Brief info about Slick
Slick was launched in November 2022, and its app is available for both iOS and Android. It crossed one lakh downloads earlier this month. Slick is a compliments-based app that allows youngsters (school and college students) to connect and talk about their friends anonymously. It is very similar to an app called Gas, which is available in the US.
How does Slick work?
Users have to compliment someone by choosing them in anonymous polls. You can also share the polls you get picked in or view your friends' polls. Premium users can find out who complimented them.
What exactly was the issue?
Reportedly, there was a misconfiguration in Slick's database. As a result, anyone who knew its IP address could access the data of over 1.53 lakh users (the count at the time the database was secured). According to TechCrunch, an easy-to-guess subdomain on Slick's main website could also be used to access user data. The company plugged the leak on Friday (February 10).
Security researcher Anurag Sen found exposed database
The data breach on Slick was discovered by security researcher Anurag Sen from CloudDefense.ai. He also alerted India's computer emergency response team, CERT-In, about the exposed database. However, it is unclear whether anyone other than Sen found the unsecured database.