French hacker responds to Koo CEO, says he accessed user's data that was ‘hidden’
In the screenshots, it is shown that the new social media platform also reveals users’ Koo count, verified phone numbers and if the account had a verification badge or not.
Update 1: Baptiste replies back to Koo CEO, claiming that although information like Date of Birth, Gender and Marital Status is not visible to users on the profile page, it was still accessible by him.
Also worth mentioning is that Twitter has suspended the official account of the Koo app.
Update 2: Koo CEO has tweeted that the user data claimed as a ‘leak' is something that anyone can see by visitng the user profile.
Some news about data leaking being spoken about unnecessarily. Please read this:— Aprameya R (@aprameya) February 11, 2021
The data visible is something that the user has voluntarily shown on their profile of Koo. It cannot be termed a data leak. If you visit a user profile you can see it anyway
Koo, the Indian microblogging platform that is similar to Twitter, has gained a lot of popularity in the past few days since most of the government ministries and officials have been extremely supportive of it. The app, which won the government's Digital India AatmaNirbhar Bharat Innovate Challenge last year, is now accused of exposing users' personal data.
This was found by French security researcher, Robert Baptiste or Elliot Alderson (@fs0c131y on Twitter). In the tweet, Baptist said that after spending 30 minutes on Koo at the request of users on Twitter, he found that the microblogging platform exposed sensitive information of users. These included the email address, names, gender, marital status, date of birth and more.
You asked so I did it. I spent 30 min on this new Koo app. The app is leaking of the personal data of his users: email, dob, name, marital status, gender, ... https://t.co/87Et18MrOg pic.twitter.com/qzrXeFBW0L— Elliot Alderson (@fs0c131y) February 10, 2021
In the screenshots, it is shown that the new social media platform also reveals users' Koo count, verified phone numbers and if the account had a verification badge or not. The same tweet showed if users' WhatsApp communication is enabled within the app.
In a follow-up tweet, Baptiste says that Koo has a domain registered in the US with a registrant based in China.
It's worth mentioning that Koo is being heavily promoted by government officials including the Union Minister, Piyush Goyal. He even invited users to join him on the app via a post on Twitter. You can download Koo from both Android and iOS app stores. The app has been developed by Aprameya Radhakrishna, who also was responsible for startup Taxi for sure, which later got acquired by Ola.
We had an exclusive chat with the founder and CEO of Koo, Aprameya Radhakrishna. Read what he has to say about this new platform.