Indian music streaming service Gaana was compromised earlier today by a Pakistani hacker going by the name of Mak Man. The hacker further claimed that he was able to extract the entire Gaana user information database and shared a link where one could access the same.
Since then, Gaana has taken its site offline and the exposed database isn’t returning search results when queried with test data. Satyan Gajwant, CEO of Times Internet that owns Gaana later Tweeted saying that user data wasn’t leaked and that Mak Man had used it as a way to make the company aware of vulnerabilities in their code.
In his Facebook post, Mak Man claims to have used a simple SQL Injection technique to engineer the attack and gain access into Gaana’s backend panel. Doing so, he was able to get his hands on the 12.5 million+ user database, which apparently wasn’t exposed in the attack for obvious reasons of user safety and privacy.