
A privacy bug was found on the website of Gaana, the largest Indian online music streaming service, which allowed access to private details of users, including the date of birth.
A security researcher, Avinash, found an insecure direct object reference (IDOR) vulnerability and reported it to Gaana.com. Gaana.com fixed the bugs after three weeks.
Avinash said a bug in an internal API gave him access to 11 million records. A simple HTTP GET request with the corresponding user ID was enough to retrieve that user's details.
The researcher said he was able to access the full name, profile picture, email address, date of birth and the last song each user listened to on Gaana.
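The class of bug described above, shown as an added example that is not code from Gaana or from the researcher: a profile lookup that trusts the caller-supplied user ID, the same lookup with an object-level authorization check, and a simple log check for one client requesting many distinct user IDs. The function names, sample records, log format and threshold are all assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample records; the fields mirror those named in the article.
USERS = {
    1001: {"full_name": "Sample One", "email": "one@example.com",
           "date_of_birth": "1990-01-01"},
    1002: {"full_name": "Sample Two", "email": "two@example.com",
           "date_of_birth": "1992-02-02"},
}


def get_profile_vulnerable(session_user_id, requested_id):
    """IDOR: the caller-supplied ID alone selects the record."""
    return USERS.get(requested_id)


def get_profile_hardened(session_user_id, requested_id):
    """Object-level authorization: only the record's owner may read it."""
    if session_user_id is None:
        raise PermissionError("authentication required")
    if session_user_id != requested_id:
        # Same error whether or not the ID exists, so responses do not
        # reveal which user IDs are valid.
        raise PermissionError("not authorized for this record")
    record = USERS.get(requested_id)
    if record is None:
        raise LookupError("no such user")
    return dict(record)


# Constructed access-log entries: (client address, requested user ID).
ACCESS_LOG = [("10.0.0.5", 1001)] + [("10.0.0.9", uid) for uid in range(2000, 2040)]


def find_enumerators(log, max_distinct_ids=20):
    """Return clients that requested more distinct user IDs than the threshold."""
    seen = defaultdict(set)
    for client, uid in log:
        seen[client].add(uid)
    return sorted(c for c, ids in seen.items() if len(ids) > max_distinct_ids)


if __name__ == "__main__":
    print(get_profile_vulnerable(1001, 1002))   # another user's record is returned
    print(find_enumerators(ACCESS_LOG))
```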
In his blog post, he wrote: "On 12th of May I had discovered a vulnerability on Gaana.com. I contacted their team and it was fixed recently."
When EHN asked the author why the original article had been removed from the blog, he replied that "he removed it after getting a request from Gaana.com."
You can find the cached version of the Blog post in Google Cache.