Indian Residence Salon Platform Sure Madam uncovered delicate buyer and gig employee knowledge attributable to a server-side misconfiguration.
Noida-based Sure Madam operates in additional than 30 cities throughout the nation, in keeping with the corporate’s web site. The platform presents salon providers at dwelling, together with remedy, therapeutic massage, spa, and males’s grooming. Sure Madam’s cell app has additionally been downloaded over his million occasions.
However the startup left behind a database containing the complete names, cell phone numbers, mailing addresses and electronic mail addresses of a whole lot of hundreds of Sure Madam prospects who’ve gone on-line with out a password since at the least February 20. . The database additionally contained buyer location knowledge. Consumer system particulars resembling latitude and longitude values, fee hyperlinks, mannequin title and his IMEI quantity.
Moreover, the startup has launched the profile footage, names and cell numbers of gig employees on the platform.
safety researcher Anuragsen Certainly one of CloudDefense.ai found the general public database and requested coursesfromhome to assist report it to the startup.
Anybody who is aware of the IP tackle of the database can entry the misconfigured exfiltrated knowledge utilizing only a internet browser. Sen mentioned he had over 900,000 person entries within the database.
Sure madam secured the database on Friday shortly after coursesfromhome reached out with the main points. Sure, Madam co-founder Mayank Arya confirmed to coursesfromhome that he has made the repair.
Arya declined to remark additional when requested if Sure Madam has technical means, resembling logs, to find out if the printed knowledge has been accessed by another person.
Sen additionally knowledgeable India’s pc emergency response workforce, CERT-In, of the info breach.