
Gaana.com Hacked

Gaana.com -- one of India's most popular music streaming services, with more than 10 Million registered users and 7.5 Million monthly visitors -- has reportedly been hacked, exposing the site's user information database.

A Pakistani hacker, who claimed responsibility for the hack, claims that details of over 10 Million users of the Gaana service, including their usernames, email addresses, MD5-hashed passwords, dates of birth, and other personal information, have been stolen and made available in a searchable database.

At the time of writing, the Gaana website is down for maintenance, and no official statement has been provided yet. As of now, the site displays, "Site is down due to server maintenance. We will be back shortly. Kindly bear with us till then."


Details of 10 Million Users Available in a Searchable Database:



The hacker, nicknamed Mak Man, posted the link to a searchable database of Gaana user details on his Facebook page, along with images of the service's admin panel.

By exploiting an SQL injection vulnerability in the Gaana website, Mak Man managed to gain access to the details of its 10 Million users. The hacker has also posted on Facebook a screenshot of the SQL exploit he used to get access to the data.

Mak Man claimed that he had previously reported the vulnerability to Gaana.com, providing full details of the flaw. However, the company didn't respond to his report and ignored it, which resulted in the breach of innocent users' personal information.

Flaw Reported to the Company, but Ignored:

It sounds really weird that Gaana, a service from one of India's biggest internet companies, Times Internet Limited, is vulnerable to such attacks. It is even weirder when such a reputed company ignores vulnerabilities reported to it, putting millions of users at risk.

Most data breaches occur because of this kind of behaviour: hackers and bug hunters responsibly report flaws to companies, the companies ignore the issues, and that encourages hackers to go public with the details of their customers.

Times Internet CEO Satyan Gajwani replied to the hacker's post on Facebook later and apologised that the company hadn't responded to the security concerns raised by Mak Man.
"I don't think your intention is to expose personal information about Gaana users, but to highlight a vulnerability," Gajwani added. "Consider it highlighted, and we're 100% on it. Can I request that you take down access to the data, and delete it completely?"
Gajwani then took to Twitter and said that the company is taking the issue seriously and taking steps to fix it. He also said that no financial or sensitive information was lost, and encouraged all customers to reset their passwords as soon as possible.



However, simply changing the password of your Gaana account would not solve the problem, as the change will be reflected in the leaked database. You are better advised to deactivate your account until the issue is resolved. Besides this, change your email, Facebook and Twitter passwords if you use the same password there as on Gaana.
