At-home salon startup Yes Madam allegedly exposed sensitive customer and gig worker data due to a server-side misconfiguration.
According to security researcher Anurag Sen, Yes Madam allegedly left a database containing the full names, mobile numbers, email addresses, and physical addresses of hundreds of thousands of customers connected to the internet without a password since at least February 20. The database allegedly also contained some customer location data, such as latitude and longitude values, as well as user device details (model, make, IEMI numbers), and payment links. Yes Madam also revealed the profile images, names, and mobile numbers of gig workers employed by the platform.
According to Sen, the database contained information from over 900,000 users. Because of the misconfiguration, anyone with the database’s IP address could access the data using only their web browser, according to the security researcher.
Yes Madam secured the database on Friday (March 3) after reaching out to the startup’s cofounder Mayank Arya, according to TechCrunch. Yes Madam’s founding team has been contacted by Inc42, and the story will be updated as soon as they respond.
It provides at-home salon services such as massage, spa, therapies, hair treatments, and male grooming. Its app has also received over a million downloads.
Yes Madam’s data breach comes at a time when Indian startups are increasingly becoming the target of cyberattacks. Companies such as Slick and RailYatri have suffered data breaches in recent months, exposing the personal information of millions of users. According to CERT-In, India will experience approximately 13.91 lakh reported cyberattacks in 2022.
However, these attacks were only the ones reported to CERT-In. A senior Google executive had said in August 2022 that India suffered as many as 1.8 crore cyberattacks per day, potentially taking the total for the year to 21.6 crore.
About Yes madam,
Yes Madam is an at-home salon startup based in India that offers a range of beauty services to customers in the comfort of their own homes. The company was founded in 2016 by Mayank Arya and Aditya Arya, and has since grown to serve over 100,000 customers across 25 cities in India.
The concept of an at-home salon is not new, but Yes Madam has set itself apart by offering a convenient and affordable service. Customers can book appointments through the company’s app or website, and a trained beauty professional will arrive at their doorstep to provide the service.
Yes Madam offers a range of services, including haircuts, facials, massages, and more. The company also offers packages for weddings and other events. By offering these services at home, Yes Madam saves customers time and eliminates the need to travel to a salon.
The startup has received funding from investors including Axilor Ventures and SRI Capital, and has plans to expand further in India and beyond. Yes Madam’s success demonstrates the growing demand for convenient, on-demand services in the beauty industry.