
Rising Indian social media app Slick left an internal database containing users’ personal information, including data of school-going children, publicly exposed to the internet for months.
Since at least December 11, a database containing full names, mobile numbers, dates of birth, and profile pictures of Slick users was left online without a password.
Bengaluru-based Slick was launched in November 2022 by former Unacademy executive Archit Nanda after he pivoted from crypto and shut down his earlier startup, CoinMint. His latest venture, Slick, is available on both Android and iOS and works similarly to Gas, a compliments-based app that’s popular in the US. The app also allows school and college students to talk with and about their friends anonymously.
Security researcher Anurag Sen found the exposed database and asked TechCrunch for help in reporting the incident to the social media startup. Slick secured the database shortly after TechCrunch reached out on Friday.
Due to a misconfiguration, anyone who knew the database’s IP address could access the database, which contained entries for over 153,000 users at the time it was secured. TechCrunch also found that the database could be accessed through an easy-to-guess subdomain on Slick’s main website.
The researcher also informed India’s computer emergency response team, known as CERT-In, the country’s lead agency for handling cybersecurity issues.
Nanda confirmed to TechCrunch that Slick fixed the exposure. It’s not known whether anyone other than Sen found the database before it was secured.
Slick attracted many younger users in India shortly after debuting last year. Earlier this month, Nanda took to Twitter to announce that the app had crossed 100,000 downloads.
