Indian music streaming service Ganaa hacked, site yanked offline

  • 28 May 2015
  • 1 reply
  • 1069 views

Userlevel 7
Badge +54

Frustrated 'white hat' reportedly went large after being ignored

28 May 2015 at 17:32, John Leyden
 
Service has been suspended, and passwords reset, following a hack against Indian music streaming service Ganaa.
 
Ganaa detailed its response to the newly-discovered security breach in a series of updates to its official Twitter feed.
We have temporarily removed access to our website and app as a vulnerability in one of our Gaana user databases was exposed.No financial or sensitive personal data beyond Gaana login credentials were accessed. No third party credentials were accessed either.
Most of our users' data has not been compromised, but we've reset all Gaana user passwords, so all users have to make new ones.
 
Full Article

1 reply

Userlevel 7
Badge +54
May 29, 2015  By Pierluigi Paganini
 
The hacker, which calls himself Mak Man (this is the nick name he also used on Facebook), has published screen shots of the stolen data, the images demonstrate that the attacker accessed user IDs, passwords and other private details. Mak Man exploiting an SQL injection vulnerability in Gaana website and once stolen the data in the database he also shared the link to a searchable archive of Gaana user.
 
http://securityaffairs.co/wordpress/wp-content/uploads/2015/05/gaana-users.jpg
 
Full Article

Reply