Gaana.com, India’s popular music streaming website, has been hacked. The complete database of at least 10 million users was updated along with their details on the Facebook page of the hacker from Lahore, Pakistan, who goes by the name ‘Mak Man.’
The Next Web reported that the hack seems to be an SQL injection-based exploit of Gaana’s systems. The reason behind the hack is yet to be identified. According to Tech2, anyone who enters the registered email address of a Gaana.com account can access the account holder’s full name, email address, date of birth and MD5-hashed password, along with their Facebook and Twitter profiles.
Satyan Gajwani, the CEO of Times Internet, which owns Gaana.com, confirmed the hack on his Twitter account. He said, however, that “most of” the users’ data was not compromised.
“A couple of hours ago, a hacker named MakMan exposed a vulnerability in one of our Gaana user databases,” Gajwani tweeted. “Here’s where things stand: First of all, we have patched the vulnerability within an hour of its discovery, as MakMan has also acknowledged. No financial or sensitive personal data beyond Gaana login credentials were accessed. No third party credentials were accessed either.”
“As we understand, the data has not been accessed or shared with anyone; MakMan was highlighting the issue, which we’ve recognised. Most of our users’ data has not been compromised, but we’ve reset all Gaana user passwords, so all users have to make new ones.”
When the official page of Gaana.com is accessed, the page now says “Site is down due to server maintenance.”
The hacker updated his database page saying, “The vulnerable parameter I was using here, has been patched by the Admin. Now the question is, Was this the only vulnerable parameter I had .. ? ;)”
Users of Gaana.com are advised to deactivate their Gaana account and change their email, Facebook and Twitter passwords. The website is currently “down due to server maintenance.”
In June 2012, social networking website LinkedIn was hacked. Russian cybercriminals stole passwords of 6.5 million user accounts. Owners of the hacked accounts were not able to log in to their accounts, and the website encouraged its users to change their passwords following the incident.
LinkedIn apologised after the hack and asked its users to change their passwords immediately. The US Federal Bureau of Investigation helped the LinkedIn Corporation in investigating the theft.