An Indian Slick App leaked students’ user data

The newly launched Indian social media app “Slick” was started in November 2022 by a former academic executive, Bengaluru-based Archit Nanda, after shutting down his previous business of cryptocurrency “CoinMint.”

This recent app is available for Android and iOS users and functions similarly to the well-known American software Gas, a compliments-based app. The slick app allows high school and college students to talk anonymously with friends.

The slick app leaked the personal information of its users, mostly school students, which includes their full names, phone numbers, dates of birth, and profile images. This user’s dataset has been accessible online without a password since 11 December.

A security researcher from CloudDefense.ai discovered the unsecured database and reported it to India’s top cybersecurity agency, the computer emergency response team (CERT), and the Slick App firm on 11 February. After that, the social media app addressed the issue and secured their leaked datasets.

It was also found that a setup error can allow anyone who knew the database’s IP address to access the dataset of 153,000 users. Additionally, the dataset can be accessed by an easy-to-guess subdomain available on the Slick app website.

The slick app became popular among the young generation soon after its release in India. The app’s founder, Nanda, tweeted that the app had surpassed 100,000 downloads at the start of this month.