Indian parenting platform BabyChakra exposed the data of its users, which includes parents and indirectly their children, to hacking because of a misconfiguration in one of its servers, according to researchers. The issue made over 5.5 million files publicly accessible. The researchers claimed that the files included millions of photos and videos of BabyChakra's users, and some of them even contained sensitive subjects, such as medical test results and prescriptions uploaded by the users on the platform. Some of the exposed photos are also said to be related to the children and families of the affected users. Mumbai-based BabyChakra offers a social network for parents that lets them discuss their concerns with experts.
The research team at VPNMentor, led by Israeli security researcher Noam Rotem, discovered the issue in the BabyChakra platform in February and reported it to the company shortly after an initial investigation. It exposed private data of at least several hundred thousand individuals, the researchers claimed. The exposed data included photos and videos of people using BabyChakra to get parenting advice and medical consultation on the platform, according to the researchers.
In addition to the media content, the data included over 35,000 invoices and 19,800 packaging slips from purchases made through the BabyChakra website. It exposed personally identifiable information (PII) of over 55,000 users, including minors, as per the researchers. The data is said to have carried full names, phone numbers, residential addresses, and purchase details of the affected users.
The rest of the files exposed by BabyChakra included over 132,000 items of information relating to its customers, all of which were obtained from various sources, including third-party applications like Facebook. The complete data is said to be 259GB in size.
“BabyChakra’s failure to adequately store and secure such a massive amount of data has significant implications for its customers — and the company itself,” the researchers said in a blog post.
The VPNMentor team said they had first informed BabyChakra of the issue on February 9, though the company did not respond to them despite being contacted multiple times.
The researchers said that the data was found secured by the company on April 26, after which they informed Gadgets 360 about the data exposure on April 27.
But BabyChakra founder Naiyaa Saggi told Gadgets 360 that it did not find any vulnerabilities, and that the misconfiguration issue was fixed after VPNMentor researchers reached out.
“We undertake security audits as soon as we receive any emails,” she said over email. “We have been in touch with VPNMentor, and they have also confirmed that there are no vulnerabilities exposed.”
She added that BabyChakra was also in the process of initiating quarterly security audits to protect against any such vulnerabilities in the future.
The VPNMentor researchers noted in their blog post that the exposed data and contact information could be used by cybercriminals and hackers for fraudulent activities, such as phishing campaigns, email fraud, identity and physical theft, and malicious software attacks, among others.
Founded in 2015, BabyChakra is claimed to serve more than two million families a month through its platform for parenting guidance. Its app is touted to generate over 5 lakh pieces of content on a monthly basis and has more than 2,500 bloggers and influencers among its users.
Apart from offering services such as an online community and expert consultation, BabyChakra launched an online marketplace for pregnant women, infants, and new parents in 2018, and hired executives from popular Indian startups such as FreeCharge and Jabong.