Details of 10 Million Users Available in a Searchable Database:
Flaw Reported to the Company, but Ignored:
"I don't think your intention is to expose personal information about Gaana users, but to highlight a vulnerability," Gajwani added. "Consider it highlighted, and we're 100% on it. Can I request that you take down access to the data, and delete it completely?"
"I hereby confirm that no financial information was accessed during the hack of Gaana.com .. Database was so huge that I didn't even bother looking and no information was dumped and stored locally .. not even a single row," Mak Man said in a Facebook Post.However, even if the Hacker claims that he has not downloaded the Gaana.com database by exploiting the SQL injection vulnerability, doesn’t mean that nobody else has exploited the flaw, as the loophole in the website was open from last few months.
Meanwhile, it is possible that someone may have had their hands on the vulnerability and already stolen the data in past days without the company’s knowledge.