A hacker from Pakistan revealed on Thursday that he was able to gain access to the user database of popular music streaming website Gaana.com. 'Mak Man' announced the exploit via his Facebook page and also uploaded what he claimed was a database containing details of over 10 million Gaana.com users. The user data included email addresses, Facebook and Twitter profile details, as well as date of birth, and hashed passwords.
The hacker later clarified that the user data had not been copied or downloaded, but was being queried in realtime from the vulnerable Gaana database, which was later patched. However, it's possible a third-party may have made at least partial copies of the data in the several hours between the time the exploit was made public and a fix was deployed.
Satyan Gajwani, the CEO of Times Internet, which owns Gaana.com, confirmed the website's database was hacked, but claimed "most of" users' data had not been compromised.
"A couple of hours ago, a hacker name MakMan exposed a vulnerability in one of our Gaana user databases," Gajwani said via Twitter. "Here's where things stand: First of all, we have patched the vulnerability within an hour of its discovery, as MakMan has also acknowledged. No financial or sensitive personal data beyond Gaana login credentials were accessed. No third party credentials were accessed either."
"As we understand, the data has not been accessed or shared with anyone; MakMan was highlighting the issue, which we've recognised. Most of our users' data has not been compromised, but we've reset all Gaana user passwords, so all users have to make new ones."
The hacker also claimed to have gained access to Gaana's backend panel and posted purported screenshots of the same. The development was first reported by The Geek Byte.
If you are a registered Gaana.com user and use the same password anywhere else, we advise you to change your passwords immediately.