Gaana.com is back online; personal details of over 10 million users exposed due to hack

gaana-624x351



Update: Gaana.com is currently back online. The hacker MakMan posted the below tweet and stated that no financial details of any user was accessed. The hacker also added that he has not stored any information locally.







One of India’s popular music streaming service Gaana has been reportedly hacked and its massive database, about 10 million users, has been compromised. The hacker goes by the name MakMan who appears to be based in Lahore, Pakistan who posted a link to his Facebook page of what appears to be the entire database of Gaana.com’s users containing personal details.

The reason behind the hack is unknown. If a person enters the registered email address of a Gaana.com account, they can have access to their full name, email address, date of birth, MD5-encrypted password, along with Facebook & Twitter profiles as well. According to a report by The Next Web, the hack appears to be a SQL injection-based exploit of Gaana’s systems.
The hacker had updated his database page with the following message: “The vulnerable parameter I was using here, has been patched by the Admin. Now the question is, Was this the only vulnerable parameter I had .. ? ;)”

However, when we checked, the following message appeared.
Capture231
In any case, users are advised to not simply change their Gaana.com password but rather deactivate their account till the problem is solved. Also, users should change their email, Facebook and Twitter passwords if they’re the same as on Gaana.com. At the moment, there is no official statement from Times Internet Limited, which owns Gaana.com. As of now, website displays, “Site is down due to server maintenance. We will be back shortly. Kindly bear with us till then”.