Updated: Times Internet’s Gaana.com Hacked Leaving Over 10Mn User Details Exposed

Update2: Mak Man in a new status update has said that no financial information was accessed during the hack of Database, and no information was dumped and stored locally. He also said that exploit script was just a POC to highlight the issue which was grabbing the details directly from their DBMS.

Update1: Few hours after posting searchable database link of Gaana user details on his Facebook page, Mak has now removed it from his website on request of Times Internet CEO Satyan Gajwani.

Before:

Indian music streaming service Gaana has been hacked by a Lahore based hacker who goes by the name of Mak Man. The hacker, Mak Man has also posted a searchable database link of Gaana user details on his Facebook page. The development was first reported by TheNextWeb.

The hack appears to be a SQL injection-based exploit of Gaana’s systems. Enter a user’s email id and it outputs their full name, email address, password, date of birth, Facebook and Twitter profiles and a lot more. The database shows more than 12.5 million users are currently registered on Gaana.

Mak Man also posted images of the service’s admin panel.

Since the story broke, Gaana has taken its site offline and the exposed database isn’t returning search results when we queried it with test data.

Looks like the database has been patched and the queries are no longer working. However the hacker latest status update on Facebook, mischievously suggests that there might be more vulnerabilities in Gaana’s system and this might just be the beginning.

It is shocking to see that giants like Times are also vulnerable to such exploits, risking millions of users data and privacy. Gaana has reportedly over 7.5 Mn monthly visitors and over 10 million active users.

Apart from Gaana, other music streaming companies in India include Saavn, Airtel’s Wynk, Hungama, Vodafone Music among others. Earlier this year,  audio streaming company Rdio had launched in India, with a catalogue of 32 Mn songs in 43 language, previously, Rdio had acquired Pune based Dhingana. Recently, Hungama had crossed a milestone of having 50 Mn+ monthly active users on its platform with aim to cross 100Mn MAUs by March 2016. Also, Australian music streaming service i.e. Guvera claims to have over 3 Mn users in India.

Related: Gaana Vs Saavn – Who’ll Become The Spotify Of India?

Satyan Gajwani spoke about this issue on Twitter in a series of tweets:

Note: We at Inc42 take our ethics very seriously. More information about it can be found here.