Gaana.com, which hosts 7.5 million users monthly, was hacked and defaced yesterday by a Pakistani hacker, MakMan. The hacker, who apparently resides in Lahore, posted about his successful hack on his Facebook page. He stated that he had gained access to users' personal data, which was uploaded to a searchable database. If a user's email address was entered, voilà, a jackpot was reached! The database would expose the user's full name, email address, MD5-hashed password, and Twitter and Facebook profiles.
MakMan used a SQL injection vulnerability to hack the database of Gaana's website. The database showed that more than 12.5 million users were registered for Gaana's services. MakMan's goal was to highlight a vulnerability in Gaana's website, which had initially been reported to the administrator without fail. MakMan then decided to take the route of hacking the website and uploaded all the details to a searchable database.
By MakMan's own admission, no financial data was compromised in the hack. Later, at the request of Gaana's CEO, he deleted the user database from the Facebook page, which is no longer accessible. In light of the hack, all users were advised to change their passwords immediately. Gaana's website was initially taken offline for maintenance but is now accessible again to all users.