Gaana.com, one of India’s popular music streaming services, has reportedly been hacked by a Pakistani software expert. The incident was revealed publicly by the hacker, who goes by the name Mak Man on Facebook with the username themakmaniac. He claims to have used SQL injection to break into Gaana.com’s servers and access a database of over 12 million users registered with the service. Times Internet, which owns the service, is yet to make an official statement about the incident.
As of this moment, the mobile apps are down along with the site. Furthermore, the Lahore-based hacker has taunted the website by claiming that SQL injection wasn’t his only method of hacking into the database of Gaana.com. Mak Man’s website claims that a database of 12501407 users is available on the site. However, not all e-mail IDs are believed to be leaked.
[SQLi – Gaana.com] Update
The parameter I was using in the exploit has been patched by the admin .. Now the question is.. Was this the only vulnerable parameter I had .. ? ;) #sqli #gaana
Posted by Mak Man on Thursday, 28 May 2015
Details such as e-mail ID, date of birth, Facebook, Twitter, etc. have all been made public. Registered users are advised to take necessary precautions immediately and change the login credentials of all personal accounts. In addition, Mak Man posted screenshots of Gaana.com’s admin panel. The incident was first brought to light by The Next Web.
Updated! Gaana.com CEO Satyan Gajwani in a comment on Mak Man’s post said, “First of all, I’d like to apologize personally if you had shared these reports and we didn’t respond earlier. Totally unacceptable by us, and I’m looking into it. Second, I don’t think your intention is to expose personal information about Gaana users, but to highlight a vulnerability. Consider it highlighted, and we’re 100% on it. Can I request that you take down access to the data, and delete it completely?”
“And finally, if possible, I’d appreciate if we could hire you as a consultant to help us find any more vulnerabilities across our network, so that we can keep our products as secure as possible. If you’re interested, message me directly, as I’d be very grateful for your advice.”
The request has, however, been fulfilled, and Mak Man has taken his page down. From the conversation, it appears that the technical team of Gaana.com was warned about the loopholes in the system, but the management appears to have ignored the warning. The attack has come as an eye-opener for the erring staff.
Satyan also released a statement on Twitter.
“A couple of hours ago, a hacker named MakMan exposed a vulnerability in one of our Gaana user databases. Here’s where things stand: First of all, we have patched the vulnerability within an hour of its discovery, as MakMan has also acknowledged. No financial or sensitive personal data beyond Gaana login credentials were accessed. No third party credentials were accessed either. As we understand, the data has not been accessed or shared with anyone; MakMan was highlighting the issue, which we’ve recognized.”
“Most of our users’ data has not been compromised, but we’ve reset all Gaana user passwords, so all users have to make new ones. Yep, it’s a pain, but it’s important. Finally, security is a major focus for us, and we are further strengthening our user security team. We’ve asked Makman if he’d be willing to work with us and help us find any other issues as well. We’re running diagnostics to find any other issues, but rest assured, we’re taking every step to ensure all user info is secure and private,” he concluded.