A researcher, Anurag Sen, at CloudDefense, a platform for cloud computing and application risk reduction services, found a security vulnerability leading to the Slick application database, and asked TechCrunch to help report the emerging social networking company.
The researcher also informed the Computer Emergency Response Team of India (CERT-In), the country’s leading agency for dealing with cyber security issues, under the Ministry of Electronics and Information Technology.
The company secured the database shortly after contacting TechCrunch, a technology news website, on Friday.
The site stated that due to a misconfiguration of the settings on the company’s website, anyone familiar with the Internet Protocol address of the database can access it and view the information of more than 153,000 users.
The site also discovered that the database could be accessed through an easy-to-guess subdomain of Slick’s main website.
Since at least December 11, the app has left a database containing users’ full names, cell phone numbers, dates of birth, and profile pictures available online without a password.
And in November 2022, Arshit Nanda, former CEO of the Indian education platform “Unacademy”, launched the “Slick” application, based in Bangalore, southeastern India, after moving away from the cryptocurrency field and closing his former startup, CoinMint.
His latest project, Slick, which runs on Android and iOS, is a compliment-based app popular in the US. The application also allows school and university students to talk to their friends without revealing their identities.
Nanda confirmed to TechCrunch that his company had fixed this vulnerability that led to the data being exposed, but it is not clear if anyone other than the researcher would have found the database before it was secured.
Slick attracted many young users in India shortly after its debut last year.
Earlier this month, Nanda wrote in a tweet on Twitter, that the number of downloads of the application exceeded 100 thousand downloads.