A white hat hacker used an exploit to gain access to Gaana.com user credentials, because they neglected to fix a security bug he reported.
It seems Gaana.com was hacked a few hours ago, with user data and credentials being accessed. But, in a fortunate turn of events, the responsible party turned out to be a white hat hacker.
Mak Man, the hacker responsible, detailed the incident in a Facebook post, saying he had reported the exploit to the website’s team on multiple occasions, but was ignored. He says he was trying to bring attention to the glaring hole in their security, and had no malicious intent.
While users’ credentials were accessed, Mak Man has since said that the data was being queried in real time, and was not stored or copied on their server.
The mSpy data was leaked to the Deep Web, where hundreds of gigabytes of files, chat logs, location records and other data was dumped after the company reportedly declined to comply with extortion demands made by hackers who’d broken into mSpy’s servers. Included in that huge archive is a 13 gigabyte (compressed) directory referencing countless screen shots taken from devices running mSpy’s software — including screen shots taken secretly by users who installed the software on a friend or partner’s device.
The log file of the screen shots taken from mSpy-infested devices doesn’t store the actual screenshot, but instead includes incomplete links to the images. Incredibly, nearly two weeks after this breach became public, all of the leaked screen shots remain viewable over the Internet with nothing more than a Web browser if one knows the base URL that precedes the file name. And that base URL is trivial to work out if you have an active mSpy account.
Police are hoping that citizens can help catch some men suspected of attaching credit card ‘skimmer’ devices at local banks….. The devices have been discovered on ATM machines at both branches of Bank of Colorado in Grand Junction.