Pakistani hackers hacked into the database user of popular Indian MP3 music streaming website Gaana.com. ‘Mak Man’ announced through its Facebook page has also claimed claimed to be the database of users Gaana.com containing details of over 10 million users.
The hacker later clarified that data of users have not been copied or downloaded, but I was being consulted in real time on the basis of data Gaana.com from the vulnerable, who later had been patched. However, it is possible that a third party may have made at least in partial copies of the data over time.
Satyan Gajwani, the CEO of the Internet age, which has confirmed Gaana.com database website was hacked but said “most” of user data had not committed.
“A couple of hours ago, a hacker name MakMan exposed a vulnerability in one of our Gaana user databases,” Gajwani said via Twitter. “Here’s where things stand: First of all, we have patched the vulnerability within an hour of its discovery, as MakMan has also acknowledged. No financial or sensitive personal data beyond Gaana login credentials were accessed. No third party credentials were accessed either.”
“As we understand, the data has not been accessed or shared with anyone; MakMan was highlighting the issue, which we’ve recognised. Most of our users’ data has not been compromised, but we’ve reset all Gaana user passwords, so all users have to make new ones.”
The hacker also claimed to have gained the backend panel of Gaana.com and posted alleged pictures of the same access. He claims to have used the technique to design simple SQL injection attack. The development was first reported by The Geek Byte.
If you are a registered user on Gaana.com we recommend you to change your account password immediately.
“I here by confirm that no financial information was accessed during the hack of Gaana.com. Database was so huge that I didn’t even bother looking, and no information was dumped and stored locally, not even a single row”
He said that the hack was “just a POC (proof of concept) to highlight the issue that it is possible to grab details directly from their DBMS (Database management systems) and I repeat again information was not stored locally.”
In his reply on the hacker’s Facebook page, Gajwani said: “First of all, I’d like to apologize personally if you had shared these reports and we didn’t respond earlier. Totally unacceptable by us, and I’m looking into it.”
Gaana.com CEO Said: “And finally, if possible, I’d appreciate if we could hire you as a consultant to help us find any more vulnerabilities across our network, so that we can keep our products as secure as possible. If you’re interested, message me directly, as I’d be very grateful for your advice,”.