Indian music streaming service Gaana.com was hacked by a netizen named Mak Man on Thursday, 28 May. The streaming service with 10 million users belongs to Times Internet.
After hacking the website, the hacker aka Mak Man shared the news on Facebook, reported Business Standard. The Lahore based hacker wrote:
"Mak Man
[SQL injection] Gaana.com - http://makman.tk/gaana.php
Alexa rank: 121 (India)
Number of user records in database: 10 million+
Exploit POC: http://makman.tk/gaana.php
POC details: Enter the email address of the user (registered on gaana.com) to get all the details."
Once the site was hacked, Gaana.com remained offline for hours and sometime later Satyan Gajwani, CEO of Times Internet accepted that the site had been hacked and also said that the hacker discovered exploits existing on the site.
Later he tweeted to confirm that the exploit had been successfully patched and also requested all the existing users to change their passwords. He also confirmed that no user data had been compromised.
Update- No data was ever stored, and the site is removed. Nonetheless, we are resetting all user details on @gaana pic.twitter.com/YanYnA0XXA
— Satyan Gajwani (@satyangajwani) May 28, 2015
Surprisingly, Gajwani even reached out to the hacker and said: "Hi, I'm Satyan, CEO of Times Internet, which runs Gaana. First of all, I'd like to apologise personally if you had shared these reports and we didn't respond earlier. Totally unacceptable by us, and I'm looking into it."
Mak Man alias Sajja Ahmad also responded and said: "Hello Satyan! It's good to see that you took notice of the issue before it was too late. You are right, our intention was not to disclose any private information of the users but to highlight the issue. The vulnerability was reported to the technical head of the website several times but he failed to fix it.
"Anyhow, the page exposing the information has been taken down permanently. Direct requests from that page were generated to the gaana.com server to extract the information. We assure you no data from the website database was saved anywhere. Mak Man will message you for further discussion."
The CEO later tweeted that the hacker has removed the database of #amankiasha, an initiative started by The Times Group for maintaining harmony between India and Pakistan.
Mak Man also posted on Facebook that he did not intend to hack the financial information from Gaana.com and didn't save any data elsewhere.
Interestingly, Gajwani has even offered the hacker a job at Gaana.com to help find other issues on the site.
We've asked Makman if he'd be willing to work with us and help us find any other issues as well. https://t.co/8txhpbKGVc 8/n
— Satyan Gajwani (@satyangajwani) May 28, 2015
