A hacker named "Mak Man" has exploited a SQL-injection vulnerability in the site and taken over the whole site database. The hacker gained access to the site's database, which includes usernames, email addresses, MD5-hashed passwords, dates of birth, and other personal information of the users.
The hacker says that he had reported the security vulnerability to the Gaana team, but the music streaming service did not respond to Mak Man's report, which resulted in the breach of innocent users' personal information. After that, the hacker made the whole database available in searchable form and released it to the public.
Gaana is run by one of India's biggest internet companies, Times Internet Ltd., and it seems weird when such companies ignore a security issue on the site and leave millions of users' data at risk.
Times Internet CEO Satyan Gajwani later replied to the hacker's post on Facebook and apologised that the company hadn't responded to the security concerns raised by Mak Man. On Mak Man's post he commented:
"I don't think your intention is to expose personal information about Gaana users, but to highlight a vulnerability. Consider it highlighted, and we're 100% on it. Can I request that you take down access to the data, and delete it completely?"
He also tweeted about the incident from his Twitter account, indicating that the company is taking the issue seriously. He mentioned: "No financial or sensitive personal data beyond Gaana login credentials were accessed. No third party credentials were accessed either".
It has been more than 18 hours since Mak Man published the link to a searchable database of Gaana user details on his Facebook, and some hours after the post the Gaana website went offline without any prior notice. Meanwhile, the website displays, "Site is down due to server maintenance. We will be back shortly. Kindly bear with us till then."
Mak Man has just confirmed via his Facebook account that no financial information was accessed during the hack of Gaana.com, and that no information was dumped and stored locally, not even a single row.