HackDig : Dig high-quality web security articles for hacker

Indian Music Site Gaana ‘Hacked’ by Researcher

2015-05-29 13:35

Indian music-streaming site Gaana appears to be back up and running after a security breach yesterday which exposed user log-ins.

The firm, which is India’s most popular online music broadcaster with over 7 million monthly visitors, took to Twitter and Facebook to provide the following updates on Thursday afternoon:

“We have temporarily removed access to our website and app as a vulnerability in one of our Gaana user databases was exposed. No financial or sensitive personal data beyond Gaana login credentials were accessed. No third party credentials were accessed either. Most of our users' data has not been compromised, but we've reset all Gaana user passwords, so all users have to make new ones. We would like to assure that security is a major focus for us and we are further strengthening our user security team.”

Local reports claimed that the site was hacked by a Pakistani man calling himself Mak Man as a proof of concept to highlight a security flaw allowing attackers to grab data directly from the site’s database management systems.

The CEO of Ganaa-owner Times Internet is said to have responded to the hacker via Facebook, apologizing that the firm had not acted sooner on Mak Man’s research and offering him a job.

“And finally, if possible, I’d appreciate if we could hire you as a consultant to help us find any more vulnerabilities across our network, so that we can keep our products as secure as possible. If you’re interested, message me directly, as I’d be very grateful for your advice,” he wrote.

Trey Ford, global security strategist at Rapid7 explained that researchers are often frustrated by the fact that firms which aren’t used to receiving bug reports often don’t have a standardized way of responding.

“It sounds like Gaana.com is taking the right steps by forcing a password reset for their users, and all the normal guidance applies,” he added.

“If people are using their Gaana.com password anywhere else, they need to go change that password on other sites to something unique before their account is accessed.”


Source: /yb-dekcah-anaag-etis-cisum-naidni/swen/moc.enizagam-ytirucesofni.www

Read:823 | Comments:0 | Tags:No Tag

“Indian Music Site Gaana ‘Hacked’ by Researcher”0 Comments

Submit A Comment

Name:

Email:

Blog :

Verification Code:

Announce

Share high-quality web security related articles with you:)

Tools

Tag Cloud