Compliments-based social media app Slick has been discovered to have leaked personal information of over 150,000 users for at least two months.
Slick is a Bengaluru-based social media platform launched in November 2022, primarily aimed at teenagers and college students. The app is available for iOS and Android, allowing users to connect with friends and create anonymous compliment pools that can be shared with others.
According to security researcher Anurag Sen who discovered the misconfigured database, the publicly exposed data also included information on minors who downloaded and installed the app.
Sen reported the breach to TechCrunch and alerted CERT-In, India’s computer emergency response team.
Anyone with knowledge of Slick’s database IP could have accessed this information, potentially exfiltrating full names, mobile numbers, dates of birth and profile pictures of the social media platforms’ users.
“Due to a misconfiguration, anyone familiar with the database’s IP address could access the database, which contained entries of over 153,000 users at the time it was secured,” the online technology news outlet said. “TechCrunch also found that the database could be accessed by an easy-to-guess subdomain on Slick’s main website.”
TechCrunch reached out to the social media platform on Friday and the exposed database is now secure.
Social media apps and platforms can bring many benefits to users, but they also carry privacy risks for individuals, including data breaches and leaks.
Check now whether your personal info has been stolen or made public on the internet, with Bitdefender’s Digital Identity Protection. The dedicated identity protection service helps you stay on top of data breaches and privacy threats, with 24/7 monitoring and instant alerts whenever your personal information is at risk.