Gaana
| Primary URL | Location | Industry |
|---|---|---|
| gaana[.]com | Country: India | Entertainment |
Profile
Gaana.com, also known as Gaana, is a music streaming service headquartered in India. The organisation provides digital access to a library of songs, enabling users to stream audio content over the internet. Its primary function centres on delivering music entertainment through an online platform accessible to consumers in its served markets.
On May 28, 2015, Gaana experienced a significant security breach when an attacker exploited SQL injection vulnerabilities in its systems. This intrusion allowed unauthorized access to the user database, resulting in the exposure of millions of users' personal information. The compromised data included email addresses, full names, dates of birth, and MD5-hashed passwords, along with details of linked social media profiles. The hacker, operating under the alias Mak Man, subsequently published searchable records of the stolen data on social media platforms. Additionally, the attacker shared images purportedly showing the platform's admin panel to demonstrate the extent of the access gained. Following the disclosure, Gaana temporarily took its service offline to address the vulnerability and contain the breach.
After the initial exposure, Gaana implemented security patches to fix the exploited SQL injection flaw and initiated a mandatory password reset for all affected user accounts. The company publicly asserted that no financial data, such as payment information or banking details, was accessed during the incident. Security experts later criticised the organisation's use of the MD5 algorithm for password hashing, noting its known vulnerability to rapid cracking and inadequate protection for user credentials. Despite the criticism, experts acknowledged the hacker's claim that the motivation behind the intrusion was to highlight and demonstrate existing security weaknesses in the service. The exposed database was eventually removed from public circulation after direct communication occurred between the hacker and Gaana's leadership team.
