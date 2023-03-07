Homegrown startup Yes Madam has exposed the sensitive data of its customers and gig workers due to a server-side misconfiguration, the media reported.

The media has reported that Yes Madam, a startup company that provides at-home salon and spa services, has inadvertently exposed the sensitive information of both its customers and gig workers due to a server-side error. TechCrunch reported that a database containing the personal information of hundreds of thousands of Yes Madam customers, including full names, mobile numbers, mailing addresses, and email addresses, was left accessible to the internet without a password since February 20. The database also contained additional details, such as customers’ location data, payment links, and user device details. Yes Madam operates in over 30 cities in India, according to its website, and offers services like massage, spa, therapies, and male grooming.

According to the report, Yes Madam’s mobile applications were downloaded more than a million times. Additionally, the startup inadvertently revealed the profile pictures, names, and mobile numbers of gig workers who use the platform. The database contained information on over 900,000 users, as reported by security researcher Anurag Sen from CloudDefense.ai, who discovered the exposed database. Nevertheless, the report stated that Yes Madam has since secured the database.

