Saturday 30 May 2015

Patched lot of vulnerabilities in last 24 hours: Satyan Gajwani

Satyan Gajwani, chief executive officer, Times Internet (TIL), the online arm of Bennett, Coleman Company, had a busy Thursday. TIL’s music download portal gaana.com, which has over 10 million users, faced a proof of concept attack by a Pakistani hacker codenamed Mak Man. Amid concerns over risk to user data, the tech-savvy 30-year-old effectively used Facebook and Twitter to interact with Mak Man to defuse the crisis. He tells N Sundaresha Subramanian about online fire-fighting in the age of the internet. Edited excerpts:

When did Gaana.com find out about the hacking, because there seems to be a considerable time lapse between Mak Man’s Facebook post and your responses?

We found out around 2pm, and fixed it before 3pm. Posted about it by 4pm.

The hackers claim they had pointed out issues to the admin earlier but these were ignored. Is this correct?

We’re looking into it. We think the mails may have gone to an old email address.

Makman and Sajjad FB accounts claim to be in Pakistan. Do you think this is correct?

I don’t know.

Will you go for any legal action against these people?

No, these are white hat hackers. They were trying to raise awareness about the vulnerability. As soon as we acknowledged it, they took it down, and they never saved any data.

You have asked these hackers to work with you. Is this the best response, though it seemed to have worked?

These weren’t hackers with any intention to do any harm, just to point something out. What’s most important is that our users’ data wasn’t compromised, which matters more than anything else. And we’ve asked them, as well as other external experts, to help us by testing our systems to find any other potential issues.

The hackers claim there might be other vulnerabilities in the system. How do you plan to address these?

We patched a lot of this in the last 24 hours. We’re continuing to monitor things closely, but things are stable and secure. In a week or two, we will be asking external security experts to test our systems to find any other potential issues.

Do you think these hackers might be working on behalf of some of your business rivals?

No, they wanted to raise awareness about the vulnerability, and they did.

They’ve been fully cooperative since then, having taken down the data, confirming that no sensitive, personal, or financial data was accessed, nothing was saved, and hardly any records were even accessed in the first place.

View the original content and more from this author here: http://ift.tt/1d65PXa


