Koo leaking personal data, claims French hacker

Koo leaking personal data, claims French hacker


ndian microblogging platform, Koo that is similar to Twitter and is available in Indian languages, has been accused of leaking the personal information of its users by the French security researcher Robert Baptiste, who goes by the name Elliot Alderson (@fs0c131y) on Twitter. Baptiste said in a tweet that he spent 30 minutes on the blog and found that Koo was leaking personal data of its users such as email address, date of birth, marital status, gender and more. He also posted a summary of the mentioned findings in his tweet.

The new Indian microblogging platform has gained popularity as government officials are promoting the app including Union Minister Piyush Goyal who recently tweeted, "I am now on Koo. Connect with me on this Indian micro-blogging platform for real-time, exciting and exclusive updates. Let us exchange our thoughts and ideas on Koo.”

Reacting to the allegations, Koo said, "Users enter their profile data on the app to be shared with others on the platform. That's what's displayed everywhere across the platform. While there have been false allegations of a data leak, it's just commonly called the public profile page for all users to view!"

Another user replied to Baptiste's tweet, "It's storing user tokens as frontend global variables if you know the token info of a user. go to /create you can directly put values in here, with inspecting mode which I think will enable the compose button, and you can remotely tweet to that account with the token info." Following the Atmanirbhar drive, several people have downloaded the app lately.