Indian startup Yes Madam has exposed the sensitive data of its customers and gig workers due to a server-side misconfiguration, TechCrunch reported.
Since February 20, the startup had left a database connected to the internet without a password. It contained the full names, mobile numbers, mailing addresses, and email addresses of hundreds of thousands of Yes Madam customers.
In addition, customers’ location data, including latitude and longitude values, as well as payment links and user device details, such as model names and IMEI numbers, were included in the database. The startup also exposed profile images, names and mobile numbers of gig workers on the platform.
The database held entries for more than 900,000 users, according to CloudDefense.ai security researcher Anurag Sen, who discovered the exposed database. Yes Madam later secured the database, the report said.
Yes Madam is a home salon and tech-enabled platform for beauty and wellness that brings salon and spa services to customers’ homes. It operates in more than 30 cities in the country.
The platform provides at-home salon services such as therapies, massage, spa, and male grooming.
Yes Madam’s mobile apps have also received over a million downloads.