Cyber Incident Victim: Gaana

Date:

May 2015

Location:

India

Summary

A major Indian music streaming service suffered a security breach in which an attacker exploited SQL injection vulnerabilities to access and publicly expose its user database. The compromised data included millions of users' email addresses, full names, MD5-hashed passwords, dates of birth, and linked social media profiles. The hacker, operating under the alias Mak Man, published searchable records on social media along with images of the platform's admin panel. Following the incident, the service temporarily went offline, patched the exploited vulnerability, reset all user passwords, and asserted that no financial data was accessed. Security experts criticized the use of MD5 hashing, which they deemed easily crackable, while acknowledging the attacker's claim that the intrusion aimed to demonstrate security weaknesses. The database was later removed after direct engagement between the hacker and the company's leadership.

Description

On May 28, 2015, Indian music streaming service Gaana, owned by Times Internet and serving over 7.5 million monthly visitors, suffered a data breach compromising its user database. A hacker identifying as Mak Man, based in Lahore, Pakistan, publicly exposed the data by posting a searchable database link on his Facebook page. The breach affected over 12.5 million registered users, exposing full names, email addresses, MD5-hashed passwords, dates of birth, and linked Facebook and Twitter profiles. The attack used SQL injection against vulnerable parameters in Gaana’s systems, though the hacker’s motives remained unclear. Mak Man additionally published images of Gaana’s admin panel, demonstrating unauthorized access to backend infrastructure. Initial user advisories recommended deactivating accounts and changing the passwords of associated social media and email accounts because of the risk posed by password reuse.

Gaana responded by taking its website offline shortly after media reports emerged, which disabled the exposed database’s search functionality. Times Internet CEO Satyan Gajwani confirmed via Twitter that login credentials were accessed but asserted no financial or highly sensitive personal data was leaked. Gajwani contacted Mak Man on Facebook, and the database was removed at Gajwani’s request. Gaana reset all user passwords and claimed stored passwords were hashed, though cybersecurity experts noted MD5’s vulnerability to rainbow table attacks. Pranesh Prakash of Bengaluru’s Center for Internet and Society criticized Gaana’s security posture, highlighting inadequate password hashing and lack of SQL input sanitization. The hacker acknowledged Gaana patched the exploited vulnerability but implied undisclosed weaknesses remained. While the immediate database exposure was contained, the incident raised concerns about systemic vulnerabilities in a major Indian internet service provider’s infrastructure.
