A blog post

Gaana.com Gets Hacked Leaving 12.5 Million User Accounts Unscathed – Times Internet offers Job to the Hacker

Gaana.com, the most remarkable Indian music streaming service, was hacked on Thursday, 28 May. Over 12.5 million users’ accounts were hacked by Mak Man, a Pakistani hacker from Lahore. He hacked the complete user database of Gaana.com but left all the user accounts unharmed.

Times Internet – Gaana.com

Times Internet, the largest Indian online group, launched Gaana.com in April 2010. Gaana.com is a popular streaming service that provides both Indian and international music content. It is a very user-friendly streaming service, and its music is available in more than 21 languages, including major languages such as Hindi, English, Tamil, Telugu, Marathi, Punjabi, and other Indian regional languages. Times Internet is the largest online group in India, with a combined page view count of 6.5 billion every month.

Mak Man – Hacker

Mak Man, a Pakistani hacker from Lahore, hacked the most popular Indian music streaming service, Gaana.com, on Thursday. He hacked the user database of Gaana.com, the commercial streaming service of Times Internet. The hacker's intention was not malicious, as no database or financial details of any user were accessed. He has not exposed the database-related information or made it public. According to the hacker, he had contacted Times Internet, and the lack of response from Times Internet is the reason he hacked Gaana.com. He carried out the hack to showcase the weak security features and vulnerability of such a popular and large Indian internet company. Through this experience, every company becomes aware and enhances the security of its business database.

After hacking Gaana.com, Mak Man issued a statement regarding the hack on his Facebook account:

Mak Man statement after the Hack

Strategy behind the Hack

Mak Man hacked the enormous database of Gaana.com using an SQL injection based exploit. Gaana.com has 75 lakh monthly visitors and 12.5 million registered users as of now. Using that exploit he hacked the entire user database but did not harm or touch a single row in it. After hacking the Gaana.com database, he posted a few images about the hack on his Facebook account. He also shared a link, created on his website, that served him as a proxy resource through which he accessed the complete account details of Gaana.com.

After hacking the Gaana website, Mak Man shared the following details of the hack on Facebook:

“Mak Man

[SQL injection] Gaana.com – http://makman.tk/gaana.php

Alexa rank: 121 (India)

Number of user records in database: 10 million+

Exploit POC: http://makman.tk/gaana.php

POC details: Enter the email address of the user (registered on gaana.com) to get all the details.”

Times Internet Response towards the Hack

Times Internet was initially shocked by this sudden hack of its own popular music streaming website. Gaana.com remained offline for some hours after the site was hacked. Later, the CEO of Times Internet, Satyan Gajwani, acknowledged that the database hack had actually happened, but assured all users that no private details were stolen or made public. He tweeted:

“No financial or sensitive personal data beyond Gaana login credentials were accessed. No third party credentials were accessed either”.

Gaana CEO Response

He also assured all Gaana users that the access details were being updated and that security had been enhanced in a robust manner.

Reason behind the Possibility of Gaana Database Hack

Gaana CEO Satyan Gajwani was asked by a Twitter user, “What is the reason behind the possibility of hack?” Satyan said that the SQL injection was performed on a developer API that was not in use and was obsolete. The hacker got a chance to hack the database through this small vulnerability. The developer API was outdated and had been ‘missed’ by the security team, which resulted in this hack.
Undoubtedly, SQL injection is one of the most common and lethal attacks and can easily compromise a website or portal. But this incident took place at Times Internet, which is reckoned among India’s top web services. It is an alarming security glitch.
As stated earlier, it is certain that Mak Man had no evil intent of exploiting the data. If he had had such intentions, he could have disseminated or exported all user details, and the information would have reached the dark, subversive belly of the Internet in no time. Truly, Times Internet is very fortunate that the user-related data was not exploited or harmed.
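
As an added illustration (not Gaana's or Times Internet's code), the sketch below contrasts an email lookup that builds its query by string concatenation, the pattern behind SQL injection, with one that binds the value as a parameter. The schema, sample rows and function names are constructed for the example.

```python
import sqlite3

def make_db():
    """In-memory database with constructed sample rows (hypothetical schema)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT, name TEXT)")
    db.executemany(
        "INSERT INTO users (email, name) VALUES (?, ?)",
        [("asha@example.com", "Asha"),
         ("ravi@example.com", "Ravi"),
         ("o'brien@example.com", "O'Brien")],
    )
    return db

def lookup_concatenated(db, email):
    """Flawed pattern: the caller's input becomes part of the SQL text."""
    sql = "SELECT id, email, name FROM users WHERE email = '" + email + "'"
    return db.execute(sql).fetchall()

def lookup_parameterized(db, email):
    """Hardened pattern: the SQL text is fixed; the input is bound as data."""
    sql = "SELECT id, email, name FROM users WHERE email = ?"
    return db.execute(sql, (email,)).fetchall()

def outcome(fn, db, email):
    """Number of rows returned, or 'error' if the statement failed to parse."""
    try:
        return len(fn(db, email))
    except sqlite3.OperationalError:
        return "error"

def compare(db):
    """Run both lookups over a normal address, a legitimate address with an
    apostrophe, and a value containing quote characters and SQL keywords."""
    inputs = ["asha@example.com", "o'brien@example.com", "x' OR '1'='1"]
    return {
        value: (outcome(lookup_concatenated, db, value),
                outcome(lookup_parameterized, db, value))
        for value in inputs
    }

if __name__ == "__main__":
    for value, (concat, bound) in compare(make_db()).items():
        print(f"{value!r}: concatenated={concat} parameterized={bound}")
```

The concatenated lookup returns every row for the third input and fails outright on the legitimate apostrophe address, while the bound query treats both purely as values to compare.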

Times Internet offers Job to the Hacker

Astonishingly, Satyan Gajwani even reached out to the hacker and said: “Hi, I’m Satyan, CEO of Times Internet, which runs Gaana. First of all, I’d like to apologize you personally for not responding earlier. Totally unacceptable by us, and I’m looking into it.”

Times Internet CEO apologizes to the hacker

Mak Man Sajjad Ahmad also responded to the CEO and tweeted:

Times Internet offers job to Gaana Hacker

The CEO later tweeted that the hacker has removed the database of #amankiasha, an initiative started by The Times Group for maintaining good harmony between India and Pakistan.

Mak Man also posted on Facebook that he did not intend to hack the financial information from Gaana.com and assured that he didn’t save any data elsewhere.

Interestingly, the CEO of Times Internet, Satyan Gajwani, has even offered the hacker a job at Gaana.com to support the company in tracing other issues on the site.

Times Internet CEO offers job to Hacker

We hope and anticipate that Times Internet will renovate its security protocols and checks and safeguard its users’ precious data in the website database. It would be very nice if the hacker Mak Man accepted the job offer from Satyan Gajwani and improved Gaana so that it has no such issues in future.
