Close this search box. white logo

CloudDefense.AI Discovered Yes Madam’s Security Breach, Exposing Sensitive Data of 900,000 Customers and Gig Workers

Security breaches have become a grave concern for both individuals and businesses. CloudDefense.AI has found that Indian at-home salon platform Yes Madam had left sensitive customer and gig worker data exposed due to a server-side misconfiguration. According to the startup’s website, Yes Madam operates in over 30 cities in India and offers salon services at home, including therapies, massage, spa, and male grooming. With over a million app downloads, Yes Madam’s mobile apps are popular among users who prefer to get salon services in the comfort of their own homes.

Understanding the Breach 

The Scope of the Data Exposure 

The breach at Yes Madam has cast a shadow of uncertainty over the personal information of nearly a million individuals. Customer data, including names, contact information, and service histories, have been compromised. Additionally, sensitive financial information and personal identification data have also been exposed, raising concerns about potential identity theft and financial fraud.

CloudDefense.AI Discovered Yes Madam's Security Breach, Exposing Sensitive Data of 900,000 Customers and Gig Workers

Server-side Misconfiguration

However, due to a server-side misconfiguration, a database containing full names, mobile numbers, mailing addresses, email addresses, location data, payment links, and device details of hundreds of thousands of Yes Madam customers was left connected to the internet without a password since at least February 20. In addition, profile images, names, and mobile numbers of gig workers on the platform were also exposed.

How CloudDefense.AI Detected the Breach

The database was discovered by our security researcher Anurag Sen, who promptly notified Yes Madam and TechCrunch to help report the issue. Anyone with knowledge of the database’s IP address could access the spilling data due to the misconfiguration using just their web browser.Anurag Sen said the database had entries of more than 900,000 users. It was featured by TechCrunch.

Upon being notified, Yes Madam secured the database and claimed to have implemented a fix. However, it is unclear if anyone else accessed the data before it was secured. When asked if Yes Madam had the technical means, such as logs, to determine whether the exposed data was accessed by anyone else, Yes Madam co-founder Mayank Arya did not provide further comment.

Sen also informed India’s computer emergency response team CERT-In about the data exposure, as the agency is responsible for handling cybersecurity issues in the country.

This incident highlights the importance of implementing proper security protocols to protect user data. Startups and established businesses alike should ensure that their systems are secure and regularly audited to prevent data breaches that could compromise user privacy and security. It also underscores the need for researchers and security professionals to be vigilant in identifying vulnerabilities and reporting them to companies and relevant authorities to prevent data breaches and other security incidents.


While Yes Madam has secured the exposed database, this incident serves as a warning to all companies that handle user data to take their security measures seriously and ensure that their customers’ sensitive information is protected.

As individuals, it’s crucial to be cautious about sharing personal information online and to choose service providers that prioritize data security. In the digital age, the responsibility for data protection falls on both companies and consumers.

Related Articles:

  1. CloudDefense.AI exposes security flaw in breast pump company’s data storage, leaving millions of documents at risk
  2. CloudDefense.AI Discovers Unsecured Database of a Higher Education Social Platform, Exposing Sensitive Personal Data of Millions
Blog Footer CTA
Table of Contents
favicon icon
Are You at Risk?
Find Out with a FREE Cybersecurity Assessment!
Picture of Abhishek Arora
Abhishek Arora
Abhishek Arora, a co-founder and Chief Operating Officer at CloudDefense.AI, is a serial entrepreneur and investor. With a background in Computer Science, Agile Software Development, and Agile Product Development, Abhishek has been a driving force behind CloudDefense.AI’s mission to rapidly identify and mitigate critical risks in Applications and Infrastructure as Code.
Protect your Applications & Cloud Infrastructure from attackers by leveraging CloudDefense.AI ACS patented technology.

579 University Ave, Palo Alto, CA 94301

Book A Free Live Demo!

Please feel free to schedule a live demo to experience the full range of our CNAPP capabilities. We would be happy to guide you through the process and answer any questions you may have. Thank you for considering our services.

Limited Time Offer

Supercharge Your Security with CloudDefense.AI