The lapse in security exposed a database of 153K users since December 11, containing personally identifiable data
Founded in November 2022 by former Unacademy executive Archit Nanda, Slick is a social media app for teenagers
The security issue at Slick comes at a time when India is one of the worst-hit countries in terms of cyberattacks in the world
Inc42 Daily Brief
Stay Ahead With Daily News & Analysis on India’s Tech & Startup Economy
Social media platform Slick, founded by former Unacademy executive Archit Nanda, allegedly exposed the sensitive data of primarily school-going children, after having a security lapse due to a misconfigured server.
The lapse in security exposed a database of 153K users since December 11, containing full names, mobile numbers, dates of birth, and profile pictures of Slick users, and was left online without a password.
The security breach was first detected by security researcher Anurag Sen. Sen told Inc42 that the server could be found and accessed by anyone with the server’s IP address.
The security researcher added that when he first detected the security risk at Slick, he reached out to TechCrunch since he could not directly reach the founders. Within an hour of the article going live on TC on Saturday (February 12), the company fixed the issue, Sen added.
Talking with Inc42 on the matter, Archit Nanda of Slick said, “We recognise the data vulnerability highlighted by a security researcher, which was immediately fixed before it could affect any of our users. And we can confirm that no user data was leaked or compromised.”
“We’ve done a thorough check to ensure there are no other vulnerabilities in our security system,” added the cofounder.
Slick was launched in November 2022 by Archit Nanda, after he pivoted and closed his earlier crypto startup CoinMint. The crypto startup had even raised a pre-seed round of $500K from angels such as Unacademy’s Gaurav Munjal, Udaan’s Sujeet Kumar and CRED’s Kunal Shah, among others.
Slick is available on both Android and iOS and has rapidly gained traction among teenagers. According to one of Nanda’s posts on LinkedIn, Slick hit 28,000 daily active users in just two months without spending anything on marketing.
Slick works similarly to Gas, a popular compliments-based app in the US which allows school and college students to engage anonymously.
The data security issue at Slick comes at a time when India’s startup ecosystem has been repeatedly hit with data security issues over the past few months.
Last year, Flipkart-owned online travel aggregator (OTA) Cleartrip was hit with a major data breach. In 2021, the likes of Mobikwik and Upstox were among the startups that saw data breaches, exposing the data of millions of users in the process.
In a response to a question asked recently in Rajya Sabha, the Ministry of Electronics and Information Technology (MeitY) said India witnessed 13.91 Lakh cybersecurity incidents in 2022.
While the government said that CERT-In tracked just 13.91 Lakh cybersecurity incidents in 2022, a senior Google executive last August pegged the number at 18 Mn cyberattacks a day, which translates to 6.57 Bn cyberattacks per year.
Note: We at Inc42 take our ethics very seriously. More information about it can be found here.