Gaana.com hacked, user details now in the open [UPDATED]

By Nikhil Pradhan | Published on 28 May 2015
HIGHLIGHTS

Hacker uses SQL injection to access Gaana.com’s user details and back-end admin panel.

Gaana.com hacked, user details now in the open [UPDATED]

Dell Vostro

Power New Possibilities | Dell PCs starting at Rs.35,990*

Click here to know more

Advertisements

[UPDATE]: The hacker has removed the ability to access Gaana.com's user details from his website after the Times Internet CEO reached out to him. There's still no word on how many users' details were accessed when people were still able to do so. Satyan Gajwani, the CEO of Times Internet, has claimed on Twitter that on account of the hack, Gaana.com will be resetting all its users' details.

 

 

[ORIGINAL STORY]: Gaana.com, the popular online music streaming service run by Times Internet, has been hacked and the service’s user details are now visible for all to see. The hacker whose Facebook profile states that he’s from Lahore, Pakistan, apparently hacked Gaana.com with the help of a SQL injection. Gaana.com is currently offline and trying to access the website displays a maintenance message.

The hacker has posted a link on his Facebook page using which anyone can get view a Gaana user’s personal details (for obvious reasons we won’t post the link in this story). Fortunately, it doesn’t appear that hack has revealed any payment info of premium Gaana users but it has made passwords vulnerable. So, if you use Gaana and have used the password on other websites as well, we’d suggest you change those passwords immediately.

The hacker has also apparently been able to gain access to Gaana’s backend admin panel as screenshots on The Next Web attest. The vulnerability appears to have been patched out by Gaana’s security team and in response, the hacker has posted a reply on his website, “The vulnerable parameter I was using here, has been patched by the Admin. Now the question is, Was this the only vulnerable parameter I had .. ? ;).”

Shockingly, Gaana.com has yet to send out an email or any kind of notification warning its users of the hack and the fact that their information has been leaked online. For a service that proudly claims to be “India’s Favourite Music App” and boasts of over a million users, it appears that informing users about this vulnerability is low on its list of priorities.

via The Next Web

logo
Nikhil Pradhan

https://plus.google.com/u/0/101379756352447467333

Digit caters to the largest community of tech buyers, users and enthusiasts in India. The all new Digit in continues the legacy of Thinkdigit.com as one of the largest portals in India committed to technology users and buyers. Digit is also one of the most trusted names when it comes to technology reviews and buying advice and is home to the Digit Test Lab, India's most proficient center for testing and reviewing technology products.

We are about leadership-the 9.9 kind! Building a leading media company out of India.And,grooming new leaders for this promising industry.

DMCA.com Protection Status