Music streaming service Gaana offline after hacker exposes user database flaw
The website for Indian music streaming service Gaana has been taken offline, after a hacker called “Mak Man” exploited a vulnerability affecting one its user databases to bring attention to the issue.
The Next Web broke the news Thursday morning that Gaana's systems were vulnerable, and that Mak Man had posted a link to the database on his Facebook page.
By exploiting a SQL injection vulnerability the hacker was able to access users' login credentials, but not financial or sensitive personal data or third-party credentials, Satyan Gajwani, the CEO of Times Internet (which owns Gaana), said on Twitter. Gaana has since patched the vulnerability and reset all users' passwords.
While more than 10 million users' details were reportedly accessible, Gaana confirmed that the login credentials were hashed. As of Thursday afternoon EST, Gaana.com was still down “due to server maintenance,” the site said.