- Koo is an Indian alternative to Twitter
- French hacker Robert Baptiste claims that Koo leaks email, name, gender, martial status and more
- Baptiste had previously reported security flaws in the Aadhaar and Aarogya Setu app
Robert Baptiste (who goes by Elliot Alderson on Twitter), a French ethical hacker, first revealed security flaws in the Aadhaar database way back in 2018. Last year, the Aarogya Setu app was his target. Now, Baptiste has tested the Indian microblogging site, Koo, after his followers urged him to do so. In a tweet, he revealed that the app is leaking personal information of its users.
Koo is a desi Twitter alternative and has shot to limelight after the government’s spat with the Jack Dorsey-helmed popular microblogging platform.
You asked so I did it. I spent 30 min on this new Koo app. The app is leaking of the personal data of his users: email, dob, name, marital status, gender, … https://t.co/87Et18MrOg pic.twitter.com/qzrXeFBW0L
— Elliot Alderson (@fs0c131y) February 10, 2021
Indian Twitter alternative Koo found leaking sensitive user information
In the tweet, Baptiste shared screenshots of the developer’s code for Koo. He spent 30 minutes on the app and mentioned that it was leaking sensitive user data such as email addresses, date of birth, name, marital status and gender.
In a subsequent tweet, Baptiste revealed domain details of Koo as well. The IP’s geolocation showed as the US and its registrant as Tao Zhou based in Jiangxi, China. The registrant’s name is also associated with more than 100 domains.
The hacker also shared a screenshot that the app was down along with an image that showed the message ‘no healthy upstream’. Koo’s official Twitter handle stated that its servers were down due to unprecedented demand. The microblogging platform’s priority is to use India-based servers only.
The Koo app has been promoted by several Indian government officials and celebrities. It has gained popularity in India after Twitter refused to block several accounts flagged by the government, as thisviolated the right to freedom of speech.
The Koo app is available on desktop, iOS and Android devices. The app debuted in March last year and had won the government’s Digital India AatmaNirbhar Bharat Innovate Challenge.