Update- No data was ever stored, and the site is removed. Nonetheless, we are resetting all user details on @gaana pic.twitter.com/YanYnA0XXA— Satyan Gajwani (@satyangajwani) May 28, 2015
Sunday, 31 May 2015
GAANA.COM HACKED !!!!
Why there in an urgent need of security experts in India! GAANA.COM GOT HACKED
If you have'nt heard about the news of Gaana.com getting hacked this week , you are either probably living in a den or you don't follow tech news at all. Gaana.com is a Timesgroup venture which is one of the biggest business groups in india with billions in revenues and apparently a hacker from Pakistan named “Makman” hacked it with a method called Sql injection ,which bytheway is so common that every teenager in ethical hacking and security starts his career by learning the same. Data of approximately 10 millions users was compromised and hacker posted the link to a searchable database of Gaana user details on his Facebook page, with images of the service's admin panel.Anybody could access all the information of the users by just entering the email. It sound strange that a large company like TimesInternet did'nt have a pentesting or security team to deal with such issues because of which such an exploit could be found easily.
What happened next is even more interesting. Mr Satyan Gatwani ,the CEO of timesinternet , interacted with the hacker on his facebook page, and in a hurry to save himself and his company from the embarassment,even offered to hire the same hacker as a security consultant.
The website was removed and the hacker officially posted a tweet declaring that no data was used or stored locally. But the bigger issue here still remains unsolved. How could companies compromise on the security front of the technology ? Is there still a shortage of talent in the security sector?
With major players like CSSRL Laboratories coming in the market, the issue of talent is getting resolved but all the companies need to wake up before it's too late. To spread the skills across, CSSRL Laboratories has initiated Global Partnership Initiative to offer best of Franchise Opportunities to Entrepreneurs and Investors across, to create a Globe Enveloping IT Security Community. In this case , no harm was done. But we should not wait for the day when users have to suffer because of the fact that companies didn't have a proper security team.
- Naman Sharma