Indian parenting platform BabyChakra exposed information of its users, which includes parents and indirectly their children, to hacking due to a misconfiguration in one of its servers, according to researchers. The issue made over 5.5 million files publicly accessible. The researchers claimed that the files included hundreds of thousands of photos and videos of BabyChakra's users, and some of them even contained sensitive subjects, such as medical test results and prescriptions uploaded by the users on the platform. Some of the exposed photos are also said to be related to the children and families of the affected users. Mumbai-based BabyChakra offers a social network to parents to let them discuss their concerns with experts.
The research team at VPNMentor, led by Israeli security researcher Noam Rotem, discovered the issue within the BabyChakra platform in February and reported it to the company shortly after an initial investigation. It exposed private data of at least several hundred thousand people, the researchers claimed. The exposed data included photos and videos of people using BabyChakra to get parenting advice and medical consultation on the platform, according to the researchers.
In addition to the media content, the data included over 35,000 invoices and 19,800 packaging slips from purchases made through the BabyChakra website. It exposed personally identifiable information (PII) of over 55,000 users, including minors, as per the researchers. The data is said to have carried full names, phone numbers, residential addresses, and purchase details of the affected users.
The rest of the files exposed by BabyChakra included over 132,000 records relating to its customers that were all obtained from various sources, including third-party applications like Facebook. The entire data is said to be 259GB in size.
“BabyChakra’s failure to adequately store and secure such a massive amount of data has significant implications for its customers — and the company itself,” the researchers said in a blog post.
The VPNMentor team said they had first informed BabyChakra of the issue on February 9, though the company did not respond to them despite being contacted several times.
The researchers said that the data was found secured by the company on April 26, after which they informed Gadgets 360 about the data exposure on April 27.
But BabyChakra founder Naiyaa Saggi told Gadgets 360 that it did not find any vulnerabilities, and the misconfiguration issue was fixed after VPNMentor researchers reached out.
“We undertake security audits as soon as we receive any emails,” she said over email. “We have been in touch with VPNMentor, and they have also confirmed that there are no vulnerabilities exposed.”
She added that BabyChakra was also in the process of initiating quarterly security audits to protect against any such vulnerabilities in the future.
The VPNMentor researchers noted in their blog post that the exposed data and contact information could be used by cybercriminals and hackers for fraudulent activities, such as phishing campaigns, email frauds, identity and physical thefts, and malicious software attacks, among others.
Founded in 2015, BabyChakra is said to serve more than two million families a month through its platform for parenting guidance. Its app is touted to generate over 5 lakh pieces of content on a monthly basis and has more than 2,500 bloggers and influencers among its users.
Apart from offering services such as an online community and expert consultation, BabyChakra launched an online marketplace for pregnant women, infants, and new parents in 2018, and hired executives from popular Indian startups such as FreeCharge and Jabong.