VPNMentor’s research team, led by Israeli security researcher Noam Rotem, discovered the problem within the BabyChakra platform in February and reported it to the company soon after a preliminary investigation. The researcher claimed that this data exposes the personal data of millions of individuals. The researcher said the exposure data also included photos and videos of people using BabyChakra.
In addition to media content, data contained in over 35,000 invoices and 19,800 packaging slips has also been accessed from purchases made through the BabyChakra website. According to the researcher, Personally Identifiable Information (PII) of more than 55,000 users including children has also been exposed. The database is said to contain full names, phone numbers, addresses and purchase details of the affected users. The entire data exposed is 259GB in size.
The VPNMentor team says that they first reported the issue to BabyChakra on February 9, however the company did not respond to them despite repeated contact.
The researchers also said that the data was found to be secure by the company on April 26, after which they informed Gadgets 360 about the data exposure on April 27.
But Naiyaa Saggi, the founder of BabyChakra, told Gadgets 360 that she [सर्विस में] No issues were found and the misconfiguration issue was fixed after contacting VPNMentor researchers.