Published On : Thu, May 28th, 2015

Popular website gaana.com gets hacked: Vital info of 7.5 million visitors too lay exposed

Nagpur Today & DCP (Cyber Crime) advices users to beware.

under_rmaintainence

Nagpur: Recently one of the favourite web-sites of the youngsters, www.gaana.com got hacked. The administrators have since taken its site offline. However, all the data base of the web-site was also hacked.  This means that the vital information and data of 7.5 million monthly visitors too got hacked.

The hacker has updated his database page with the following message:


“The vulnerable parameter I was using here, has been patched by the Admin. Now the question is, Was this the only vulnerable parameter I had .. ? ;)”

Indian music streaming service Gaana, which has over 7.5 million monthly visitors, has been comprised by a hacker and its user information database is now exposed. The hacker, who calls himself as the moniker Mak Man and appears to be based in Lahore, Pakistan, posted a link to a searchable database of Gaana user details on his Facebook page. Enter a user’s email address and it spits out their full name, email address, MD5-encrypted password, date of birth Facebook and Twitter profiles and more.

The hack appears to be a SQL injection-based exploit of Gaana’s systems, but the intention behind it is unknown. The database shows more than 12.5 million users are currently registered on Gaana.

Mak Man also posted images of the service’s admin panel. What is worth worrying is that an online service from one of India’s biggest internet companies (Times Internet) is vulnerable to attacks like this.

With user details exposed, it may not do much good to simply change the Gaana password, since it will reflect in the hacker’s database. Users are advised to deactivate their account until the issue is resolved, and changing their email, Facebook and Twitter passwords if those passwords are the same as on www.gaana.com too.

It is true that when the Facebook, blog, e-mail or bank accounts get hacked people’s life can be ruined. Many citizens spend their entire existences on-line and such a breach can have terrible ill-effects. Not only money gets stolen, many personal details also gets hijacked.

While speaking exclusively to Nagpur Today, Deputy Commissioner of Police (Crime & Cyber Cell) Deepali Masirkar advised the citizens of Nagpur to follow the following to avoid getting hacked. She claimed that every app in the mobile phone including Whatsapp gets a lot of personal data from the user.

Same passwords: Many people have the same passwords for many accounts. This is a major error.

Facebook and Email Security tips to stop hackers: Some of the very minimum things one should do if they want to stop hackers from ruining their life.

Different passwords: Every single account should have a different password. Never ever have the same password for an insecure site like Facebook and something important like your online banking.

Complex passwords: If your password is less than ten characters long, a mixture of upper and lower case letters, numbers and symbols then it is not strong enough. It must never be a name, birthday or information about someone or something around you. An example of a strong password is something like “iCe#Cold or $ucce$$!key*”

Complex usernames: One should make their usernames as complex as their passwords. Change the usernames to something complex and unrelated.

Use Facebook and email securely with the right URL: Go log in to Facebook. What does the URL say “http://” or “https://”?  If it is the former then you are not in a secure session. Go in to your settings and make sure it always uses https:// and whenever you log into any website make sure you type the “s” if you are logging in.