Gaana.com hacked, user details now in the open [UPDATED]

Updated on 28-May-2015
HIGHLIGHTS

Hacker uses SQL injection to access Gaana.com’s user details and back-end admin panel.

[UPDATE]: The hacker has removed the ability to access Gaana.com's user details from his website after the Times Internet CEO reached out to him. There's still no word on how many users' details were accessed when people were still able to do so. Satyan Gajwani, the CEO of Times Internet, has claimed on Twitter that on account of the hack, Gaana.com will be resetting all its users' details.

 

https://twitter.com/satyangajwani/status/603875251173359616

 

[ORIGINAL STORY]: Gaana.com, the popular online music streaming service run by Times Internet, has been hacked and the service’s user details are now visible for all to see. The hacker, whose Facebook profile states that he’s from Lahore, Pakistan, apparently hacked Gaana.com with the help of an SQL injection. Gaana.com is currently offline, and trying to access the website displays a maintenance message.

The hacker has posted a link on his Facebook page through which anyone can view a Gaana user’s personal details (for obvious reasons we won’t post the link in this story). Fortunately, it doesn’t appear that the hack has revealed any payment info of premium Gaana users, but it has made passwords vulnerable. So, if you use Gaana and have used the password on other websites as well, we’d suggest you change those passwords immediately.

The hacker has also apparently been able to gain access to Gaana’s backend admin panel, as screenshots on The Next Web attest. The vulnerability appears to have been patched out by Gaana’s security team and, in response, the hacker has posted a reply on his website, “The vulnerable parameter I was using here, has been patched by the Admin. Now the question is, Was this the only vulnerable parameter I had .. ? ;).”

Shockingly, Gaana.com has yet to send out an email or any kind of notification warning its users of the hack and the fact that their information has been leaked online. For a service that proudly claims to be “India’s Favourite Music App” and boasts of over a million users, it appears that informing users about this vulnerability is low on its list of priorities.

via The Next Web

Nikhil Pradhan
