On Thursday, Indian online music streaming service, Gaana.com, has been hacked by a hacker from Lahore, Pakistan. This hacker revealed that he was able to gain access to the user database of Gaana by using a vulnerability that he was reporting to Gaana team from last couple of months. The hacker who goes by the moniker ‘Mak Man’ announced the exploit via his Facebook page and also uploaded what he claimed was a database containing details of over 10 million Gaana.com users. The user data included email addresses, Facebook and Twitter profile details, as well as date of birth, and hashed passwords.
According to Satyan Gajwani’s tweets, the CEO of Times Internet which owns Gaana.com, it has been confirmed that the website’s database was hacked but claimed “most of” users’ data had not been compromised.
Update- No data was ever stored, and the site is removed. Nonetheless, we are resetting all user details on @gaana pic.twitter.com/YanYnA0XXA
— Satyan Gajwani (@satyangajwani) May 28, 2015
However, the hacker later clarified that the user data had not been copied or downloaded, but was being queried in realtime from the vulnerable Gaana database, which was later patched. Although, it’s possible a third-party may have made at least partial copies of the data in the several hours between the time the exploit was made public and a fix was deployed.
And the hackers have removed the database from their site. #amankiasha pic.twitter.com/9ZPeS2CJ8a
— Satyan Gajwani (@satyangajwani) May 28, 2015
The hack seeems to be a SQL injection-based exploit of Gaana’s systems, but the intention behind it is unknown. Over 12.5 million users are currently registered on Gaana. The hacker, Mak Man, has also posted images of the service’s admin panel on his Facebook page.
About 10 Million Users .. 3:)[SQL Injection] Gaana.com – http://makman.tk/gaana.php#Alexa_Rank : 121…
Posted by Mak Man on Wednesday, May 27, 2015
As of now, Gaana.com website displays, “Site is down due to server maintenance. We will be back shortly. Kindly bear with us till then”.
Experts have reportedly said that with user details exposed, changing merely a password of your Gaana account may not serve the purpose. So it is better to deactivate your account until the issue is resolved.
If you are a registered Gaana.com user and use the same password anywhere else, we advise you to change your passwords immediately.
Is your financial information safe with these companies? Let us know.
Source: facebook
Comments