Homegrown application ‘Slick’ leaks data of children
The growing importance of social media is known to everyone however people tend to lose themselves in it and forget how vulnerable the entire concept could be. The kind of data that is stored in our social media applications and our phones could also be potential data for someone to leak and to gain from. Having said that, social media has to be used as a tool for gainful purposes instead of using it for wrongful means. With all this, the risk of our data being exposed increases.
Slick, a homegrown social media application has exposed the internal database of user’s profile and their personal information all around the web. This breach of security has majorly leaked children’s data. An application catering to teenagers and college going students allowing its users to be able to connect with their peers. The aim of developing this application was to create an anonymous compliment pool which could be shared with each other.
Slick, a Bengaluru based social media platform was launched in November 2022 founded by Unacademy’s former executive Archit Nanda who allegedly exposed the sensitive data after there was a lapse in security of its users who were primarily children belonging to primary school which had happened due to a misconfigured server. Database of about 153k users was leaked since 11th December 2022 for last two months which included their profile pictures, date of birth, phone numbers with their accounts left open without any passwords.
A report by TechCrunch showed a database containing user information including date of birth, phone numbers profile pictures were all floating around the internet. The online technology outlet said “Due to a misconfiguration, anyone familiar with the database’s IP address could access the database, which contained entries of over 153,000 users at the time it was secured,” further adding that TechCrunch also found that the database could be accessed by an easy-to-guess subdomain on Slick’s main website.
The leaked database was first detected by Anurag Sen Security researcher from CloudDefense.ai, he further went on to expose the data leak by Slick and immediately gave an intimation to CERT (Computer Emergency Response Team). Anurag Sen added by revealing that there was also date of several minors who downloaded the app which was leaked.
TechCrunch took to their social media handles on Friday, reaching out to everyone informing them that leaked data has now been secured. Following the leak, IT Ministry has taken cognizance of the matter however has not released any official statement.