Cyber Incident Victim: Patari
Date: May 2021
Location: Pakistan
Summary
A Pakistani music streaming service suffered a data breach after hackers accessed its misconfigured MongoDB database, leading to the leak of approximately 260,000 user accounts. The compromised records included full names, email addresses, unsalted MD5 password hashes, playlists, and avatar links. Threat actors claimed they alerted the company about the exposed database but received no response, prompting them to publicly release the data on hacker forums. The organization did not acknowledge or address the breach despite multiple notifications from cybersecurity researchers prior to the leak. User credentials became publicly accessible, exposing accounts to potential unauthorized access and phishing attempts.
Description
In May 2021, Patari.pk, a Pakistani music streaming platform, experienced a data breach after attackers discovered a misconfigured MongoDB database exposing user data. The hackers claimed to have identified the unprotected database backup and attempted to notify Patari via email about the security lapse but received no response. This failure to address the vulnerability led the threat actors to publicly dump the entire database on English and Russian-language hacker forums on June 13, 2021. The leaked records contained information from approximately 257,000 registered users, though the exact date of initial database exposure remained unspecified. Cybersecurity outlet Hackread.com independently verified the breach and attempted to contact Patari through multiple channels approximately one week prior to their June 23 publication date, but received no acknowledgment from the company. The attackers' decision to release the data followed what they characterized as Patari's negligence in securing the database after being alerted.

The compromised database included full names or usernames, email addresses, unsalted MD5 password hashes, user playlists, and avatar image links. This exposure created immediate risks for affected users, including potential account takeover attempts on Patari and other platforms where credentials might be reused. The publication of email addresses additionally increased susceptibility to targeted phishing campaigns. While Patari's official response remained undocumented in available sources, security researchers emphasized the particular risk posed by the use of unsalted MD5 hashing, an outdated cryptographic method that enables relatively efficient password cracking. The breach's impact extended beyond credential compromise, as user-generated content like playlists became publicly accessible. Hackread.com's analysis confirmed the authenticity of the leaked data but noted persistent non-responsiveness from Patari regarding remediation efforts or user notifications nearly three weeks after the database appeared online.
