One of India’s leading music streaming service Gaana.com has been reportedly hacked, which potentially puts more than 12 million of its user base details at risk. A Pakistan-based hacker who goes by the name “Mak Man” has claimed responsibility of the hack. The hacker has stated that the user information is available in a searchable database, which he has posted on Facebook. Exposed user data includes email addresses, Facebook and Twitter profile details, as well as other personal details, and hashed passwords.
No official statement has been given by Gaana. Satyan Gajwani, the CEO of Times Internet has confirmed over twitter, the website’s database been hacked, but assured that no financial or sensitive personal data beyond Gaana login credentials were accessed and the vulnerability was patched within an hour of its discovery.
“A couple of hours ago, a hacker name MakMan exposed a vulnerability in one of our Gaana user databases. Here’s where things stand – First of all, we have patched the vulnerability within an hour of its discovery, as MakMan has also acknowledged. No financial or sensitive personal data beyond Gaana login credentials were accessed. No third party credentials were accessed either. As we understand, the data has not been accessed or shared with anyone; MakMan was highlighting the issue, which we’ve recognized. Most of our users’ data has not been compromised, but we’ve reset all Gaana user passwords, so all users have to make new ones. Finally, security is a major focus for us, and we are further strengthening our user security team.“
Post the hack, Gaana has taken down its website for maintenance. They have reset passwords for all users and also has taken steps to strengthening its website security. If you got an account at Gaana.com and using the same password anywhere else, we suggest you to change the password immediately or use two factor authentication if possible. Also as an extra precaution revoke Gaana authentication permission from your Facebook and Twitter settings.