Homegrown startup Yes Madam has exposed the sensitive data of its customers and gig workers due to a server-side misconfiguration, the media reported.

According to TechCrunch, since February 20, the startup has left a database connected to the internet without a password. The database contained the full names, mobile numbers, mailing addresses, and email addresses of hundreds of thousands of Yes Madam customers.

In addition, customers’ location data, including latitude and longitude values, as well as payment links and user device details, such as model names and IMEI numbers, were included in the database.

Yes Madam is a Home Salon and a tech-enabled platform for beauty and wellness that brings salon and spa services to customers’ homes. It operates in more than 30 cities in the country, according to the company’s website.

The platform provides at-home salon services such as therapies, massage, spa, and male grooming.

Yes Madam’s mobile apps received over a million downloads as well.

Moreover, the startup also exposed profile images, names and mobile numbers of gig workers on the platform, the report mentioned.

The database had entries of more than 9,00,000 users, according to CloudDefense.ai security researcher Anurag Sen, who discovered the exposed database.

However, Yes Madam later secured the database, said the report.
