Headlines of the Day
Indian twitter alternative Koo leaks user data, claims French hacker
Koo, the Indian microblogging alternative to Twitter, has been accused of exposing its users’ personal data by French security researcher Robert Baptiste, who goes by the pseudonym Elliot Alderson (@fs0c131y on Twitter).
Baptiste claimed that he spent 30 minutes on Koo at the request of users on Twitter and found that the microblogging platform was exposing sensitive information of its users, such as email addresses, names, gender, and more. He posted a series of tweets to detail his findings about the app.
The new Indian microblogging platform recently gained popularity after many Union Ministers, political higher-ups and celebrities joined the app. This came after Twitter refused to block some accounts related to the ongoing farmers’ protest at the request of the government.
Baptiste shared screenshots on his Twitter account which appear to suggest that it was relatively easy for him to obtain the personal information of Koo users. He said the app leaked personal data of its users including email, date of birth, marital status, and gender. Baptiste aka Elliot Alderson also suggested that Koo had a domain registered in the US with the registrant based in China.
Koo is developed by Aprameya Radhakrishna and Mayank Bidawatka. The app has raised investments from 3one4 Capital, Kalaari Capital and Blume Ventures.
Government officials including Union Minister Piyush Goyal invited users to join him on the app via a post on Twitter.
Koo is available on desktop, iOS, and Android, offers a Twitter-like experience in Indian languages. The app had won the government’s Digital India AatmaNirbhar Bharat Innovate Challenge last year, which was meant to encourage indigenous app development.
Reacting to the allegations of data leak, Koo has said, “Users enter their profile data on the app to be shared with others on the platform. That’s what’s displayed everywhere across the platform. While there have been false allegations of a data leak, it’s just commonly called the public profile page for all users to view!” Sentinelassam